We had similar problems with BSM enabled. John Jackson gave me the
info on making amanda run as root in inetd.conf. The problem is
really with Solaris. John's info is attached.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Brian Cuttler
Sent: Wednesday, October 10, 2001 2:07 PM
To: [EMAIL PROTECTED]; Chris Knight
Subject: Amanda 2.4.2p2 on Solaris 8 - "amanda" user account
Hello all,
Have built a new tar-ball for a new "secure" system and wanted
to introduce a non-root non-bin account for amanda to run under.
Build (gcc on Solaris 2.8) seems to have gone well and the make
install ran cleanly.
Amended /etc/services and /etc/inetd.conf, placed both .rhosts
and .amandahosts under the login directory for the new account
but I'm unable to get amcheck to run.
Will provide full details below, just wanted to lay the problem
out first.
Any suggestions would be apreciated, I'm sure its minor - but
apparently not insignificant.
thanks,
Brian
---
Brian R Cuttler [EMAIL PROTECTED]
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
# tail /etc/services
# Amanda
amanda 10080/udp # amanda
amandaidx 10082/tcp # amanda
amidxtape 10083/tcp # amanda
# tail /etc/inetd.conf
# Amanda
amandaidx stream tcp nowait amanda
/usr/local/lib/libexec/amindexd
amanda dgram udp wait amanda /usr/local/libexec/amandad
amandad
# cat /export/people/amanda/.amandahosts
bioinfo bin
bioinfo amanda
bioinfo.wadsworth.org bin
bioinfo.wadsworth.org amanda
Note - .rhosts is identical to .amandahosts and that the
amanda server is running amanda as "bin", hopefully I'll
get that fixed when I update the server next.
Yes - I am only configuring this new box as a "client", the
server is on a Solaris 2.7 system.
Running amcheck on the server I find the following messages
on the client. No /tmp/amanda directory is created nor any
amanda log files.
# tail /var/adm/messages
Oct 5 11:06:44 c110 inetd[24784]: [ID 858011 daemon.warning]
/usr/local/libexec/amandad: Hangup
Oct 5 11:07:04 c110 last message repeated 2 times
I know I'm missing something fairly minor - I just have no idea
what it is.
thanks,
Brian
----- End of forwarded message from Brian Cuttler -----
--- Begin Message ---
>We are running amanda 2.4.2p1 on Solaris 8 and Solaris 2.6 with it
>configured to run as amanda. Everything works fine until we enable Sun's
>Basic Security Module (BSM). ...
This came up toward the end of May. You can search the archives for
Subject "Problems with Solaris 8 BSM auditing and amanda 2.4.2p2".
I never saw a real solution to the problem go by, but there was a
workaround posted (appended).
>Eva Freer ([EMAIL PROTECTED])
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
To: "Kevin M. Myer" <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: Problems with Solaris 8 BSM auditing and amanda 2.4.2p2
Date: Wed, 30 May 2001 08:17:15 -0400
From: Daniel Lorenzini <[EMAIL PROTECTED]>
...
Kevin,
I have seen this problem. I suspect it is a Solaris problem but I
can't be sure since I have not investigated it fully. However, I have
gotten it to work using a hack.
Make a small script called "run-amandad" and put it in the directory with
the other amada executables <amanda-path>:
#!/bin/sh
su amanda -c <amanda-path>/amandad
Then change your inetd.conf line to:
amanda dgram udp wait root <amanda-path>/run-amandad amanda
I've been using this for a while and I haven't had any problems with it.
Regards,
Dan Lorenzini Greenwich Capital Markets
[EMAIL PROTECTED] 600 Steamboat Road
203-625-6088 Greenwich, CT 06830
--- End Message ---
BEGIN:VCARD
VERSION:2.1
N:Freer;Eva;Broadaway
FN:Eva Broadaway Freer
NICKNAME:Eva
ORG:Oak Ridge National Laboratory;Instrumentation & Controls Division
TITLE:Development Engineer
TEL;WORK;VOICE:865-574-6894
TEL;PAGER;VOICE:865-873-4293
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;PO Box 2008=0D=0AMS 6007=0D=0A;Oak Ridge;Tennessee;37831-6007;United State=
s
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:PO Box 2008=0D=0AMS 6007=0D=0A=0D=0AOak Ridge, Tennessee 37831-6007=0D=0AUni=
ted States
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:20010315T015830Z
END:VCARD
