On Mon, May 17, 2004 at 03:40:16PM -0400, Joe Konecny wrote: > First install of amanda... Freebsd 5.2.1, Amanda 2.4.4p2. > I used bin and operator when compiling.
I much prefer to create a new userid just for Amanda. If it runs as bin, then it can write to a large part of the system (no special privileges kernel-wise, but typically a *lot* of stuff is owned by bin). The principle of "least privilege" says that's an unsafe idea -- if an attacker gets in, it gives them a(nother) possible way to escalate privilege, plant trojans, etc. But if you're determined to let Amanda run as bin... > 1. Where does .amandahosts go for the bin user? /bin? .amandahosts goes in the bin user's home directory, as specified in /etc/passwd. > I get an error "ERROR: r4p17: [access as bin not allowed > from [EMAIL PROTECTED] open of //.amandahosts failed. Looks like that's /.amandahosts on your box (the extra "/" has no significance; it probably comes from the code's doing the C equivalent of: homedir="/" # Actually, looking it up in /etc/passwd file="${homedir}/.amandahosts" ). -- | | /\ |-_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED] | | / It must be said that they would have sounded better if the singer wouldn't throw his fellow band members to the ground and toss the drum kit around during songs. - Patrick Lenneau