SUID isn't necessary in this case. All you need to do is add Amanda to a
group that can read the raw device of the hard drive (e.g. /dev/hda,
/dev/rdsk/c0t0d0s0, etc.). On Solaris, it would be sys group and for
Linux, it would be disk group.
Example permission set on /dev/rdsk/c0t0d0s0 on Sun Solaris 8:
[josh@homer ~]% ls -l /dev/rdsk/c0t0d0s0
lrwxrwxrwx 1 root root 45 Oct 23 16:17 /dev/rdsk/c0t0d0s0 ->
../../devices/pci@1f,4000/scsi@3/sd@0,0:a,raw
[josh@homer ~]% ls -l /devices/pci@1f,4000/scsi@3/sd@0,0:a,raw
crw-r----- 1 root sys 32, 0 Oct 23 16:17
/devices/pci@1f,4000/scsi@3/sd@0,0:a,raw
You can see that this device is group readable by sys, therefore Amanda
user should be in that group. So in your case, your user 'backup' should
be in group 'sys' or 'disk', depending on what OS you are using. When you
restore files from tape, you need to run amrecover or amrestore as root to
be able to write to the filesystem.
Josh
Matt Glaves wrote:
>
> I have just inherited a system running Amanda. I have performed a few
> test restores and it appears that the system is only backing up files
> which are world readable.
>
> I watched it perform a backup and it appears that it is using 'dumper' to
> dump all information. This program is running as the user 'backup'. My
> guess is there should be a SUID program which is calling dumper, or dumper
> itself might need to be SUID w/group perms of backup.
>
> I have scanned the docs and archives, but can't quite seem to figure this
> out.
>
> Any help would be great!
>
> thanks,
>
> matt
