Hi,
Foreword:
I am using Sophos Antivirus for Linux in the CID-based configuration, formerly known as corporate configuration. An Enterprise console, i.e. a Windoz computer, is not required.
The CID directory (on Linux server) is read-only shared across a local network with NFS and it is used as a primary update source on the Linux clients. The server OS is Ubuntu 8.04.4 LTS (server), while all clients use the same distribution for client. The entire configuration was working perfectly till the version 6.
Malfunction:
With the automatic passage to version 7, the following problems appear:
1) The NFS CID directory became inaccessible to the clients, while perfectly exported on server and mounted on clients.
2) The Corporate layer settings disappear on the server and the command addcfg.sh, to copy the off-line configuration to the live configuration, doesn't work any more. The attempt to re-create the off-line configuration file doesn't change the situation, the check command:
/opt/sophos-av/bin/savconfig --corporate query
generates an empty output again.
Analysis:
The problem 1) appears due to root changed permissions on CID directory for version 7. Normally, on the Linux servers, the NFS export use sc. 'root squashing', to avoid clients root to be treated as root when accessing files on the NFS server, see exports(5). This standard mechanism prevents the CID access by the client root processes. The solution is to disable the 'root squashing' by adding the "no_root_squash" option to the export command:
/opt/sophos-av/update/cache/Primary *(ro,sync,no_root_squash,no_subtree_check)
in the /etc/fstab file.
I am astonished that no news about this can be found on the support section of the Sophos site :smileysurprised:
The problem 2) appears due to absence for version 7 of the CID live configuration file:
/opt/sophos-av/update/cache/Primary/config/CorporateLayer.cfg
still needed for the addcfg.sh script. It seems that the following directory:
/opt/sophos-av/update/cache/Primary/config
is not included in the installation path any more; if you try to manually create it, then, at the following update (from the Sophos site) it will be automatically removed :smileysurprised:
In this way, I am not allowed to propagate the corporate layer setting to the attached Linux clients :smileysad:
Question:
Could anyone help me to solve the problem 2) ? :smileyhappy:
Thanks,
Kuba
P.S.
Final question about the Sophos commercial policy. In Italy the legal private users (i.e. without a VAT number) have limited access to the Sophos support, does this happen also in other countries?
This thread was automatically locked due to age.
