On Wednesday 03 October 2018 00:01:33 Nathan Stratton Treadway wrote:
> ("Subject: lets try a new thread" -- putting this question in its own
> thread is a good idea, but a descriptive subject line would be even
> better :) .)
>
> On Tue, Oct 02, 2018 at 21:43:46 -0400, Gene Heskett wrote:
> > Greetings;
> >
> > Finally found and built 3.5.1, and installed. But amcheck isn't
> > happy, complaining about the amanda-security.conf file being
> > writable by group. It is not according to an ls -l
> > ls -l /usr/local/etc/amanda/amanda-security.conf
> > -rw-r--r-- 1 root root 2034 Oct 2 14:26 amanda-security.conf
> >
> > Which is as its man page quotes.
> >
> > But amcheck says otherwise:
> > Amanda Backup Client Hosts Check
> > --------------------------------
> > ERROR: coyote: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
>
> The error message is complaining about the permissions on the
> "/usr/local/etc/" directory.
>
> The message also mentions (in parentheses) the amanda-security.conf
> file because that's the specific configuration file that was being
> checked when the unsafe containing directory was discovered.... but
> it's the directory itself that is writable by group.
>
> [One might be able to argue that in some environments having a
> group-writable containing directory isn't actually a problem, but
> since the amanda-security.conf file was added to plug a security hole
> I guess Amanda treats it very carefully -- in any case, I don't
> immediately see any path through the code that would allow one to
> relax these permission checks on all the levels of containing
> directories....]
>
>
/usr/local/etc is owned by root:staff, so how do I fix that so other
stuff:
drwxr-xr-x 3 amanda amanda 4096 Oct 2 14:26 amanda
-rw-r--r-- 1 root root 1985 Mar 3 2017 amanda-security.conf
drwxr-xr-x 6 root root 4096 Apr 2 2009 Brother
drwxrwxrwx 2 gene gene 4096 Oct 2 02:02 heyu
-r--r--r-- 1 root root 12047 Oct 7 2011 mediaprm
-rw-r--r-- 1 root root 10911 Sep 8 2011 openssl.cnf
drwxr-sr-x 10 root root 4096 Dec 19 2006 RealPlayer
-rw-r----- 1 root root 19593 Sep 18 2008 rkhunter.conf
drwxr-xr-x 9 root root 4096 Dec 9 2009 ssl
that is also in that subdir still work??
This is not something that has been changed on my watch while running
wheezy. At least not that my ancient, 84 in 2 days, wet ram can recall.
So its the default perms setup by the installer several years back.
Since it about time cron fires off my wrapper script, I think I'll
disable it for tonight and hit the hay.
Thanks Nathan.
--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
