I installed ClamAV and ClamTK as an extra security measure; however, every time I go to update it I have to give ownership of /var/lib/clamav/ to the active user using Rootactions. I find this odd since I give ownership to the active user using the same method for /mnt/ before creating my folders in it for my secondary drives and partitions, and it never reverts the ownership. I’m assuming /var/ is handled by the system differently than /mnt/ is. That said, how do I keep the system from reverting var’s permissions back so I don’t have to give the active user ownership every time ClamAV tries to update? Thanks
── 03:36:22 - Update ClamAV Database(FreshClam) ────────────────────────────────
ClamAV update process started at Fri Aug 23 03:36:22 2024
ERROR: Can't create temporary directory /var/lib/clamav/tmp.8f1e9794be
Hint: The database directory must be writable for UID 1000 or GID 1002
ERROR: Update failed.
ClamAV Databases failed:
0: Command failed: `/usr/bin/freshclam`
1: `/usr/bin/freshclam` failed: exit status: 10
Location:
src/steps/generic.rs:958
Retry? (y)es/(N)o/(s)hell/(q)uit
garuda-inxi ✔ 05:25:02 AM
System:
Kernel: 6.10.8-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
clocksource: tsc avail: hpet,acpi_pm
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=61af9897-861a-44c9-90b3-427648488cc4 rw rootflags=subvol=@
quiet loglevel=3 ibt=off
Desktop: KDE Plasma v: 6.1.4 tk: Qt v: N/A info: frameworks v: 6.5.0
wm: kwin_wayland vt: 1 dm: SDDM Distro: Garuda base: Arch Linux
Machine:
Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required>
Mobo: ASUSTeK model: TUF GAMING B550-PLUS WIFI II v: Rev X.0x
serial: <superuser required> part-nu: SKU uuid: <superuser required>
UEFI: American Megatrends v: 3607 date: 03/22/2024
Battery:
Device-1: hidpp_battery_0 model: Logitech Wireless Keyboard K360
serial: <filter> charge: 100% (should be ignored) rechargeable: yes
status: discharging
CPU:
Info: model: AMD Ryzen 7 5700X bits: 64 type: MT MCP arch: Zen 3+ gen: 4
level: v3 note: check built: 2022 process: TSMC n6 (7nm) family: 0x19 (25)
model-id: 0x21 (33) stepping: 2 microcode: 0xA20120E
Topology: cpus: 1x cores: 8 tpc: 2 threads: 16 smt: enabled cache:
L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 4 MiB desc: 8x512 KiB
L3: 32 MiB desc: 1x32 MiB
Speed (MHz): avg: 3488 high: 3839 min/max: 2200/4662 boost: enabled
scaling: driver: acpi-cpufreq governor: performance cores: 1: 3400 2: 3400
3: 3400 4: 3606 5: 3400 6: 3400 7: 3594 8: 3400 9: 3591 10: 3597 11: 3839
12: 3592 13: 3400 14: 3400 15: 3400 16: 3400 bogomips: 108599
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3
Vulnerabilities: <filter>
Graphics:
Device-1: NVIDIA GA106 [GeForce RTX 3060 Lite Hash Rate] vendor: ASUSTeK
driver: nvidia v: 560.35.03 alternate: nouveau,nvidia_drm non-free: 550.xx+
status: current (as of 2024-06; EOL~2026-12-xx) arch: Ampere code: GAxxx
process: TSMC n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 GT/s
lanes: 16 ports: active: none off: HDMI-A-1 empty: DP-1,DP-2,DP-3
bus-ID: 0a:00.0 chip-ID: 10de:2504 class-ID: 0300
Display: wayland server: X.org v: 1.21.1.13 with: Xwayland v: 24.1.2
compositor: kwin_wayland driver: X: loaded: nvidia unloaded: modesetting
alternate: fbdev,nouveau,nv,vesa gpu: nvidia display-ID: 0
Monitor-1: HDMI-A-1 res: 2560x1080 size: N/A modes: N/A
API: EGL v: 1.5 hw: drv: nvidia platforms: device: 0 drv: nvidia device: 2
drv: swrast gbm: drv: nvidia surfaceless: drv: nvidia wayland: drv: nvidia
x11: drv: nvidia inactive: device-1
API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 560.35.03
glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce RTX 3060/PCIe/SSE2
memory: 11.72 GiB display-ID: :1.0
API: Vulkan v: 1.3.279 layers: 7 device: 0 type: discrete-gpu
name: NVIDIA GeForce RTX 3060 driver: nvidia v: 560.35.03
device-ID: 10de:2504 surfaces: xcb,xlib,wayland
Audio:
Device-1: NVIDIA GA106 High Definition Audio vendor: ASUSTeK
driver: snd_hda_intel v: kernel pcie: gen: 4 speed: 16 GT/s lanes: 16
bus-ID: 0a:00.1 chip-ID: 10de:228e class-ID: 0403
Device-2: AMD Starship/Matisse HD Audio vendor: ASUSTeK
driver: snd_hda_intel v: kernel pcie: gen: 4 speed: 16 GT/s lanes: 16
bus-ID: 0c:00.4 chip-ID: 1022:1487 class-ID: 0403
API: ALSA v: k6.10.8-zen1-1-zen status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 1.2.3 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel pcie: gen: 2
speed: 5 GT/s lanes: 1 bus-ID: 07:00.0 chip-ID: 8086:2723 class-ID: 0280
IF: wlp7s0 state: down mac: <filter>
Device-2: Realtek RTL8125 2.5GbE vendor: ASUSTeK driver: r8169 v: kernel
pcie: gen: 2 speed: 5 GT/s lanes: 1 port: f000 bus-ID: 09:00.0
chip-ID: 10ec:8125 class-ID: 0200
IF: enp9s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
Info: services: NetworkManager, smbd, systemd-timesyncd, wpa_supplicant
Bluetooth:
Device-1: IMC Networks Wireless_Device driver: btusb v: 0.8 type: USB
rev: 2.1 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-5:3 chip-ID: 13d3:3563
class-ID: e001 serial: <filter>
Report: btmgmt ID: hci0 rfk-id: 0 state: down bt-service: enabled,running
rfk-block: hardware: no software: no address: <filter> bt-v: 5.2 lmp-v: 11
status: discoverable: no pairing: no
Device-2: Intel AX200 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 1-7.4:11 chip-ID: 8087:0029
class-ID: e001
Report: ID: hci1 rfk-id: 1 state: up address: <filter> bt-v: 5.2 lmp-v: 11
status: discoverable: no pairing: no class-ID: 6c0104
Drives:
Local Storage: total: 34.11 TiB used: 18.78 TiB (55.1%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Crucial model: CT1000T500SSD8
size: 931.51 GiB block-size: physical: 512 B logical: 512 B speed: 63.2 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: P8CR002 temp: 33.9 C
scheme: GPT
ID-2: /dev/nvme1n1 maj-min: 259:5 vendor: Crucial model: CT500P3SSD8
size: 465.76 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
lanes: 4 tech: SSD serial: <filter> fw-rev: P9CR30A temp: 32.9 C
scheme: GPT
ID-3: /dev/sda maj-min: 8:0 vendor: Seagate model: Expansion HDD
size: 7.28 TiB block-size: physical: 4096 B logical: 512 B type: USB
rev: 3.2 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1 tech: N/A serial: <filter>
fw-rev: 1801 scheme: GPT
ID-4: /dev/sdb maj-min: 8:16 vendor: Seagate model: Expansion HDD
size: 10.91 TiB block-size: physical: 4096 B logical: 512 B type: USB
rev: 3.2 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1 tech: N/A serial: <filter>
fw-rev: 0003 scheme: GPT
ID-5: /dev/sdc maj-min: 8:32 vendor: Seagate model: Expansion HDD
size: 14.55 TiB block-size: physical: 4096 B logical: 512 B type: USB
rev: 3.2 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1 tech: N/A serial: <filter>
fw-rev: 1801 scheme: GPT
Partition:
ID-1: / raw-size: 232.8 GiB size: 232.8 GiB (100.00%)
used: 38.18 GiB (16.4%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
used: 182.4 MiB (60.9%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 232.8 GiB size: 232.8 GiB (100.00%)
used: 38.18 GiB (16.4%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-4: /var/log raw-size: 232.8 GiB size: 232.8 GiB (100.00%)
used: 38.18 GiB (16.4%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
ID-5: /var/tmp raw-size: 232.8 GiB size: 232.8 GiB (100.00%)
used: 38.18 GiB (16.4%) fs: btrfs dev: /dev/nvme0n1p3 maj-min: 259:3
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: zram size: 46.96 GiB used: 0 KiB (0.0%) priority: 100
comp: zstd avail: lzo,lzo-rle,lz4,lz4hc,842 max-streams: 16 dev: /dev/zram0
Sensors:
System Temperatures: cpu: 41.2 C mobo: N/A
Fan Speeds (rpm): N/A
Info:
Memory: total: 48 GiB available: 46.96 GiB used: 11.92 GiB (25.4%)
Processes: 499 Power: uptime: 55m states: freeze,mem,disk suspend: deep
avail: s2idle wakeups: 0 hibernate: platform avail: shutdown, reboot,
suspend, test_resume image: 18.73 GiB services: org_kde_powerdevil,
power-profiles-daemon, upowerd Init: systemd v: 256 default: graphical
tool: systemctl
Packages: 2215 pm: pacman pkgs: 2205 libs: 596
tools: octopi,pacseek,pikaur,yay pm: flatpak pkgs: 10 pm: snap pkgs: 0
Compilers: clang: 18.1.8 gcc: 14.2.1 Shell: garuda-inxi default: Zsh
v: 5.9 running-in: konsole inxi: 3.3.35
Garuda (2.6.26-1):
System install date: 2024-08-20
Last full system update: 2024-09-05
Is partially upgraded: No
Relevant software: snapper NetworkManager dracut nvidia-dkms
Windows dual boot: No/Undetected
Failed units: clamav-freshclam.service
I have followed the below to the letter and still get the above error. I thought the below command finally fixed the issue, but no, it is still there. Originally I posted to the RebornOS forums because their OS is where I first noticed the issue. Then I created an issue ticket on ClamAV’s GitHub. Both services for it are added and enabled at startup, and the timer service is also added and enabled at startup. Since this issue is happening regardless of Arch-based distro, any ideas on getting this addressed would be greatly appreciated. Thanks
sudo chown UID:GID /var/lib/clamav && chmod 755 /var/lib/clamav
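
The condition named in freshclam's hint above ("must be writable for UID 1000 or GID 1002") can be evaluated directly from the directory's owner, group and mode bits. The following is an added example, not part of the original post or of ClamAV; the function name `writable_via` is hypothetical, and it assumes GNU `stat` and ignores ACLs, supplementary groups and root's override.

```shell
#!/bin/sh
# Added example: reports which permission class (if any) lets a given
# UID/GID create files in a directory, i.e. the condition freshclam's
# hint describes for its database directory.
# Simplifications (assumptions): no ACLs, no supplementary groups,
# no special case for root.

# writable_via DIR UID GID  ->  prints owner | group | other | none
writable_via() (
    dir=$1 uid=$2 gid=$3
    # GNU stat: numeric owner, numeric group, octal permission bits
    info=$(stat -c '%u %g %a' -- "$dir") || exit 2
    set -- $info
    o_uid=$1 o_gid=$2
    mode=$((0$3))            # leading 0: parse the mode string as octal

    # The kernel consults exactly one class: owner, else group, else other.
    # Creating a file in a directory needs write AND search (execute) bits.
    if [ "$uid" -eq "$o_uid" ]; then
        class=owner need=$((0300))
    elif [ "$gid" -eq "$o_gid" ]; then
        class=group need=$((0030))
    else
        class=other need=$((0003))
    fi

    if [ $(( $mode & $need )) -eq "$need" ]; then
        echo "$class"
    else
        echo none
    fi
)

# Stand-alone use, with the IDs from the error output above:
#   sh thisfile.sh /var/lib/clamav 1000 1002
if [ $# -eq 3 ]; then
    writable_via "$1" "$2" "$3"
fi
```

A result of `none` for the UID and GID that freshclam reports means the update runs as an account that matches neither a writable owner nor a writable group on the directory, which is a different question from whether an earlier `chown` was reverted.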