("Subject: lets try a new thread" -- putting this question in its own
thread is a good idea, but a descriptive subject line would be even
better :) .)
On Tue, Oct 02, 2018 at 21:43:46 -0400, Gene Heskett wrote:
> Greetings;
>
> Finally found and built 3.5.1, and installed. But amcheck isn't happy,
> complaining about the amanda-security.conf file being writable by group.
> It is not according to an ls -l
> ls -l /usr/local/etc/amanda/amanda-security.conf
> -rw-r--r-- 1 root root 2034 Oct 2 14:26 amanda-security.conf
>
> Which is as its man page quotes.
>
> But amcheck says otherwise:
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: coyote: selfcheck request failed: file/dir '/usr/local/etc'
> (/usr/local/etc/amanda-security.conf) is writable by the group
The error message is complaining about the permissions on the
"/usr/local/etc/" directory.
The message also mentions (in parentheses) the amanda-security.conf
file because that's the specific configuration file that was being
checked when the unsafe containing directory was discovered.... but it's
the directory itself that is writable by group.
[One might be able to argue that in some environments having a
group-writable containing directory isn't actually a problem, but since
the amanda-security.conf file was added to plug a security hole I guess
Amanda treats it very carefully -- in any case, I don't immediately see
any path through the code that would allow one to relax these permission
checks on all the levels of containing directories....]
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
