On Tue, Oct 02, 2018 at 19:19:03 -0400, Gene Heskett wrote:
> ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc'
> (/usr/local/etc/amanda-security.conf) is writable by the group
> Client check: 5 hosts checked in 11.353 seconds. 5 problems found.
> (brought to you by Amanda 3.5.1)
>
> Everything in the src build dir and below is owned by amanda:disk,
> actually built by amanda in the /home/amanda directory, same as I have
> always done it.
>
> An ls -l of /usr/local shows etc is owned by root:staff.
>
> And amanda is not the only user of that etc directory.
(Sorry, didn't see this particular message until after replying to the
one you sent at 21:43...)
The question is "does the 'staff' group really need write permissions on
/usr/local/etc/ ?"
Assuming not, the easy solution is to remove group-write permission from
the directory.
(If you actually do have non-root members of "staff" writing to that
directory in your environment [or to /usr/local/, etc.], you may need to
move the amanda-security.conf file to a different, amanda-specific path
-- e.g. by tweaking your build script to pass --with-security-file to
configure.)
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
