On Thursday 03 July 2003 16:07, Eric Siegerman wrote: >On Thu, Jul 03, 2003 at 02:59:35PM -0400, Gene Heskett wrote: >> On Thursday 03 July 2003 13:21, Eric Siegerman wrote: >> >On Thu, Jul 03, 2003 at 12:40:35PM -0400, Jon LaBadie wrote: >> >> Most people build the software as the amanda_user. >> > >> >Why? I just built it under my own account, and everything went >> >ok. (I did the "make install" as root of course.) >> >> Which if you follow that to its logical conclusion means that >> because you must then be a member of the group disk or backup, >> your default account will have virtually root perms. > >No. My personal account is NOT a member of the >disk/operator/backup/whatever group. Amanda doesn't *run* as me; >I did the usual -- created an "amanda" account and configured the >package with: > --with-user=amanda --with-group=<system-dependent-value> > >My only question was why people find it useful to "configure >--many-options; make" Amanda as that user, instead of as >themselves. > >> Most of us would rather not have your own user accounts so >> exposed, > >Indeed. Myself emphatically included. > >Ok, my "make install" as root is a hole, I admit, but a pretty >typical one. (Don't get me started on the topic of GNU packages' >and automake's inscrutable, unauditable "make -n" logs!) > And one thats required in order to get all the proper perms set.
>Hmm, maybe your point is that by doing the whole thing as >"amanda" you can avoid becoming root for the "make install" >(after the first time on a given box, of course, when some >directories might need to be created and chown'ed). But that >only works because Amanda conflates "the user under which I run" >with "the user that owns my files", which is a security problem >in itself. > >In fact, that's one of my pet peeves; Amanda should *not* have >write permission on its own files -- or be able to acquire it, >i.e. "chmod a-w" doesn't suffice. "Least privilege" and all >that. (I don't know how an attacker could use the write >permission that Amanda now has, but it's prudent to start off by >assuming, until convinced otherwise, that there exists a way to >use it.) There may be, and I personally have not explored it. I have a tendency to leave that to the real security experts, where an expert is anyone more than 50 miles from home and carrying a briefcase. I'm neither :) -- Cheers, Gene AMD [EMAIL PROTECTED] 320M [EMAIL PROTECTED] 512M 99.26% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attornies please note, additions to this message by Gene Heskett are: Copyright 2003 by Maurice Eugene Heskett, all rights reserved.
