John,
No and Yes. /usr/local/sbin and /usr/local/libexec are on bali:/usr/local
which is of course local to bali but remote to all (other) amanda clients.
Also amanda server laksha (with clients laksha and andaman) mounts
/usr/local from bali.
The critical programs (the ones that are owned by root:sys and have
suid) are rx by group (sys). I thought that would allow read by
members of the group and then suid which is really only an issue
once the program is in memory on the remote system ??
Unless, IRIX, unlike Solaris, is stripping the suid bit across the
NFS network mount. I mean, this works fine on the Solaris config
but is a problem on IRIX.
I wonder how the other managers would feel if I wanted to allow
Root=read on the /usr/local nfs mounted partition (I wonder if
its an option vs root=rw).
Or did you mean something else ?
IRIX, like unix only different.
thanks,
Brian
> >Amcheck now runs correctly with only one remaining error message.
> >...
> >ERROR: running as user "amanda" instead of "root"
>
> This says you have "dumpuser" in amanda.conf set to "root", but you
> are trying to run amcheck as "amanda".
>
> It's even in the amcheck(8) man page :-).
>
> >Oddly enough I have another server (with two clients, including
> >itself) of the same architecture and running the programs from
> >the crossmounted disks on the server we have been talking about.
> >...
> >ERROR: laksha: [host laksha: port 1145 not secure]
> >ERROR: andaman: [host laksha: port 1145 not secure]
>
> Either amcheck is not running setuid-root or you have something between
> the server and clients (e.g. a firewall) that is doing port remapping.
>
> Do I understand you correctly that amcheck itself is NFS mounted on
> the server? If so, are the NFS export and mount options set up so
> root stays root across the mount and setuid programs are allowed?
>
> > Brian
>
> John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
