On Thursday 09 May 2019 11:43:37 am Jim Kusznir wrote: > Hi: > > I'm attempting to backup a FreeNAS server with Windows ACLs (as it > normally serves all its data up to Windows clients; Amanda is the only > unix user of the data). > > On the FreeBSD jail with amanda-client, as root, I can see/access all > files on the system. However, amanda is throwing permission denied > errors on folders and files without everyone=read permissions (in > windows). > > I've looked, and it appears that amanda has the proper suid bits for > the chunks doing backups (calcsize, killpgrp, rundump, runtar are all > suid and all the programs are owned by root). > > I'm at a loss as to why this isn't working. > > As a possible fix to this, it recently occured to me that perhaps I > should run a windows client and the amanda backup client on it. My > main consern is backup time and forcing a network connection. I'm > backing up approx. 75TB of data to LTO8M tape, and currently one run > (one tape's worth) takes about 36-40hrs already. This is running the > client on the hardware that has the data, so there's no network read > requirement for amanda-client to "see" the data. As this hardware is > freeBSD, I'd have to at least run a windows VM on this hardware, if > not a separate physical machine that would have to read all the data > over the network then send it to amanda-server over the network. > Would this method be substantially better? > > Are there other methods of addressing this? (adding everyone > permissions to the problem shares is not an answer we can accept here, > although figuring out how to get a special-purpose user or perhaps the > builtin BACKUP-OPERATOR group to work with amanda is potentially an > option). > > Thanks in advance for your help! > > --Jim
My $0.02 is that the windows VM is a waste of time. Other than the docs, it should make, install, and run just fine on your BSD machine, it was after all first developed on unix/linux boxes at the university of maryland, where its name comes from. But it was sold to zmanda several years ago, who had both commercial support and a gpl distribution but then was more recently sold to Betsol, and things are being rearranged and moved to git-hub, and the current format of the download is not buildable, or was not 2 days ago on my machine, currently debian stretch, their current stable distribution. I have been running, on debian 7 (wheezy) 3.5.1 built by me, but the planner needs help in addition to some tlc to get it to build the docs. One of the Betsol folks, a Chriss Hassle, is talking to us intermittently, and we've had some people working on it ourselves. Perhaps Chris or one of us can help you. It sounds like a permissions problem, and part of amanda's security model is to not run anything with more permissions than it takes to do that job. You will need an amanda, amandabackup, or backup user and that user must be a member of the disk group, or I assume a similar group on BSD. Amanda must be built and owned by amanda:amandabackup or backup, maybe even disk for its group. It also needs and .amandabackup file with 0600 perms as part of its security model. There are of course, stuff my old wet ram doesn't recall, and that someone else can chime in to help. Looking at VERSION in the current git master it says 4.0.0alpha. But now it uses autogen, and I only get about 10 lines in with autogen: ------------------------------------------------ root@coyote:amanda-master$ su amanda -c "bash autogen" See DEVELOPING for instructions on updating: * gettext macros * gnulib * libtool files ..creating file lists config/set_full_version: line 21: conftemp.svn: Permission denied config/set_full_version: line 81: FULL_VERSION: Permission denied ..aclocal aclocal: error: config/amanda/version.m4:19: file 'FULL_VERSION' does not exist aclocal failed -------------------------------------------------- and I have close to zip experience with autogen. We are no longer using svn, its at git-hub so thats the first thing that needs fixed. Beyond that, its going to have to be someone with git perms to fix it. And if more help isn't forthcoming from Betsol, this may be The Fork. Dustin Mitchel might be able to help if he has the time since much of the 4.0.0alpha code came from his work on it years ago. I couldn't build his last 4 or 5 snapshots, then his grant ran out, or something. ============================ I just printed Chriss's last message, so I am going to follow his to the letter and see how far I get, the last time I either didn't follow exactly or I failed. Has anyone else succeeded??? Copyright 2019 by Maurice E. Heskett Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
