Greetings; I just nuked the amanda install, then re-installed on that box, so now everything is as user:group=root:root except the runtar & related stuffs.
From that install, an ls -la of /usr/lib/amanda: total 204 drwxr-xr-x 2 root root 4096 2009-09-30 22:14 . drwxr-xr-x 115 root root 45056 2009-09-30 22:14 .. -rwxr-xr-x 1 root root 15000 2005-12-31 09:48 amandad -rwxr-xr-x 1 root root 5068 2005-12-31 09:48 amqde -rwxr-xr-x 1 root root 9816 2005-12-31 09:48 calcsize -rwsr-xr-- 1 root backup 5224 2005-12-31 09:48 killpgrp -rwxr-xr-x 1 root root 4810 2005-12-31 09:48 patch-system -rwsr-xr-- 1 root backup 4628 2005-12-31 09:48 rundump -rwsr-xr-- 1 root backup 4928 2005-12-31 09:48 runtar -rwxr-xr-x 1 root root 18096 2005-12-31 09:48 selfcheck -rwxr-xr-x 1 root root 32008 2005-12-31 09:48 sendbackup -rwxr-xr-x 1 root root 30712 2005-12-31 09:48 sendsize -rwxr-xr-x 1 root root 3084 2005-12-31 09:48 versionsuffix And that looks scary as hell to me in terms of security. But who knows just how the hell they cram amanda into a deb. So I give up, add a user backup, and change everything in a parallel configuration directory to be backup instead of amanda. So, my question then since the runtar log generated by my running an su amanda -c "amcheck Shop" if the user is amanda gets me this: -------------- runtar: debug 1 pid 5864 ruid 0 euid 34: start at Wed Sep 30 22:10:47 2009 /usr/lib/amanda/runtar: version 2.4.5p1 runtar: error [must be invoked by backup] runtar: pid 5864 finish time Wed Sep 30 22:10:47 2009 ------------------- So, making all instances of the user amanda into backup in the config and a few other changes: ---------------------- [r...@coyote Shop]# su backup -c "amcheck Shop" bash: /usr/local/sbin/amcheck: Permission denied ----------------------- So, I add backup to the disk string in group, and disk to the backup entry in group, and get this: ------------------------- r...@coyote etc]# su backup -c "amcheck Shop" amcheck: critical (fatal): create debug directory "/tmp/amanda-dbg//server/": Permission denied amcheck: create debug directory "/tmp/amanda-dbg//server/": Permission denied /usr/local/lib/amanda/libamanda-2.6.2alpha-20090831.so[0xb7e80c66] /lib/libglib-2.0.so.0(g_logv+0x26f)[0x4f9a527f] /lib/libglib-2.0.so.0(g_log+0x26)[0x4f9a5626] /usr/local/lib/amanda/libamanda-2.6.2alpha-20090831.so[0xb7e8011c] /usr/local/lib/amanda/libamanda-2.6.2alpha-20090831.so(debug_open+0x52) [0xb7e807e2] amcheck(main+0x95)[0x8050435] /lib/libc.so.6(__libc_start_main+0xe5)[0x4523c6e5] amcheck[0x804a2f1] ---------------------- Which looks like it gives a lot of stuff a bellyache. Is there a way to use both 'amanda' as the local user, and 'backup' for the user going out on le0, or how can I widen the perms, hummm, change the damned /tmp path to /tmp/backup & give it its own perms maybe. Except its trying to make the subdirs in /tmp/amanda, which are quite restricted access. So that's a non starter. And all I really wanted to do was to add 4 entrys in the 'Daily' disklist to pickup the emc related stuff from my milling machine, but I had NDI it would be a 2 week job & its still not working. Discouraging to say the least. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. <https://www.nrahq.org/nrabonus/accept-membership.asp> Look afar and see the end from the beginning.
