On Fri, Jul 29, 2005 at 03:34:29PM +0100, Chuck Amadi Systems Administrator wrote: > Hi > > I run by hand amcheck it is in my crontab but every now and then I run > it to check. > > Amanda Tape Server Host Check > ----------------------------- > WARNING: program /usr/lib/amanda/planner: not setuid-root > WARNING: program /usr/lib/amanda/dumper: not setuid-root > WARNING: program /usr/sbin/amcheck: not setuid-root > > Thus I use chmod u+s as root. > > # chmod u+s /usr/lib/amanda/planner > # chmod u+s /usr/lib/amanda/dumper > # chmod u+s /usr/sbin/amcheck > > The above sorts this out bit I have had to do this a few times this > week. > > I haven't got to do this on the other tape server Where is the best > place to check why it keeps reverting to the following below. >
Chuck, I hope you realize this has nothing to do with amanda. The system probably has some "security" program that runs periodically and reports on all root-setuid programs. Perhaps automatically removing the setuid on those not in some list of "known safe" programs. I once had an AT&T sysadmin who when to a security class. At the class they learned that setuid programs were a huge security problem. When she got back, that Sunday night, she came in to the training site where I consulted and ran a find command on all the systems to locate and remove all setuid permissions on all programs. Monday morning, very little worked right. -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road (609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
