On Sunday 26 May 2019 12:08:37 pm Nathan Stratton Treadway wrote:

> On Sun, May 26, 2019 at 09:24:35 -0400, Gene Heskett wrote:
> > On Sunday 26 May 2019 04:48:59 am Gene Heskett wrote:
> > > On Saturday 25 May 2019 11:46:46 pm Nathan Stratton Treadway wrote:
> > > > Then, from that checkout directory, run your gh.cf script to
> > > > kick off the build (first making sure the --with-security-file=
> > > > line is what you want it to be)... and see what happens....
> > >
> > > My script has never had that line, as its using
> > >  --with-bsd-security --with-amandahosts \
> > > and that has worked for around a decade using the repos .deb
> > > clients. Do I need to change that?
>
> Note that the "--with-XXX-security" options are completely different
> than the "--with-security-file=<path-to-file>" option.
>
> I found the thread where you hit the problem before (of course it was
> buried under an unrelated Subject line...). Look for the
> message
>   From: Gene Heskett <ghesk...@shentel.net>
>   To: amanda-users@amanda.org
>   Subject: Re: Zmanda acquired from Carbonite by BETSOL -- future of
>     Amanda development
>   Date: Thu, 4 Oct 2018 07:11:15 -0400
>
> (currently found in archives at
>   https://www.mail-archive.com/amanda-users@amanda.org/msg49927.html
> or
>   http://www.backupcentral.com/forum/14/291870/291873/re__zmanda_acquired_from_carbonite_by_betsol_--_future_of_amanda_development#msg-291873 )
>
> Anyway, the point is that last October you definitely changed your
> gh.cf script to include
> "--with-security-file=/etc/amanda-security.conf"...
>
>
> [For what it's worth I found several occasions between then and now in
> which you posted copies of your gh.cf script to the list, and those
> copies did include the --with-security-file option.  So perhaps you
> have a different version of your script stashed somewhere else?
>
> For example, though the rest of the thread is unrelated to the
> discussion today, the copy of your script posted in the following
> message includes not only --with-security-file but also
> --with-amandates-file added below that (both of which are missing from
> the version you posted yesterday):
>
>   From: Gene Heskett <ghesk...@shentel.net>
>   To: amanda-users@amanda.org
>   Subject: amanda backup fails
>   Date: Mon, 10 Dec 2018 19:05:23 -0500
>
>   https://www.mail-archive.com/amanda-users@amanda.org/msg50346.html
> ]
>
> > but I cannot seem to fix this erroneous error.
>
> [...]
>
> > Amanda Backup Client Hosts Check
> > --------------------------------
> > ERROR: coyote: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > ERROR: shop: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > ERROR: GO704: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > ERROR: lathe: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > Client check: 5 hosts checked in 13.184 seconds.  5 problems found.
> > (brought to you by Amanda 3.5.1.git.19364c7b)
>
> [...]
>
> > amanda@coyote:~/amanda$ ls -l /usr/local/etc/
> > total 48
> > drwx------ 3 amanda backup  4096 May 26 04:17 amanda
> > -rw-r--r-- 1 amanda backup    55 Jul 17  2014 amanda-client.conf
> > -rwx------ 1 root   staff   2033 May 26 08:41 amanda-security.conf
> > and as you can see, is not writeable by group but /etc/group
>
> amanda-security.conf itself is not writable by group... but _this_
> error message (unlike the one in the previous email) is complaining
> about the "/usr/local/etc" directory.

So in order to keep it a little closer together, I used that exact path
in gh.cf, and a rebuild is in progress.  There is I believe a duplicate
file in /etc/amanda in case I should load a deb someday.  There must be
a default builtin if it's not specced. And I suspect it wasn't actually
looking at that exact file.  So much for accurate error msgs.

It's also building every device file in the basket, and ndmp seems not
to have had any tlc as 99% of the deprecated errors are coming from code
belonging to ndmp or its ilk. So once I've made it work and get a
schedule running again, I may embark on a kill one device build a day
until I've stripped the local copy to just all I actually need to make
vtapes.
>
> This is the problem you were working on last October (in the
> above-referenced thread and a couple of others in that same
> timeframe), but based on the referenced message I believe the solution
> you settled on at that time was to use
> "--with-security-file=/etc/amanda-security.conf" in your build script
> -- with that, you do not need to worry about the group permissions on
> each parent directory in the /usr/local/etc path...
>
> So, I think your best bet is to stick with your earlier solution, i.e.
> do another rebuild with that option added back in to the script. 
> After that it should be easy to resolve the amanda-security.conf
> permission checks.
>
> (If I remember correctly the build-install cycle should create a new
> /etc/amanda-security.conf file for you.  If not I guess you'll find
> out as soon as you try amcheck, and then you can copy/move the
> existing one into /etc/ ....)
Or /usr/local/etc, which is the convention for locally built stuffs.
>
Hummm, looks like the install script is now broken:
ERROR: program /usr/local/libexec/amanda/ambind: not executable
-rwsr-x--- 1 root disk   26840 May 26 17:05 ambind
-rwsr-x--- 1 root disk   56904 May 26 17:06 calcsize
-rwsr-x--- 1 root disk   41592 May 26 17:06 runtar

That's an odd set of perms for the three of those. And the former error
bitching about the amanda-security.conf file has now been replaced with:
ERROR: picnc: selfcheck request failed: amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: Permission denied]
ERROR: shop: selfcheck request failed: amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: Permission denied]
ERROR: lathe: selfcheck request failed: amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: Permission denied]
ERROR: coyote: selfcheck request failed: amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: Permission denied]
ERROR: GO704: selfcheck request failed: amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: Permission denied]

So what permissions are those 3 files _supposed_ to have? 

And what do we do to the Makefile to fix it?

Getting noisy out and the lights are blinking, I'd better hit ctl+return
Thanks Nathan.

>                                                       Nathan
>
> ----------------------------------------------------------------------------
> Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
> Ray Ontko & Co.  -  Software consulting services  -  http://www.ontko.com/
>  GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
>  Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239



Copyright 2019 by Maurice E. Heskett
Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
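
Added example, not part of the original message and not Amanda's own code: the amcheck errors quoted above name the directory '/usr/local/etc' rather than the .conf file, so `ls -l` on the file alone does not show the problem. The shell function below prints the mode of a file and of every parent directory up to a stop directory and flags any component with group or other write; the name `audit_path_chain` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Amanda's code): report the mode of a file and of every
# parent directory up to a stop directory, flagging group/other write bits.

audit_path_chain() {
    apc_path=$1          # file to start from, absolute path
    apc_stop=${2:-/}     # last directory to inspect (assumption: an ancestor)
    apc_bad=0
    while :; do
        # First 10 chars of `ls -ld`: type + rwx triplets, e.g. drwxrwxr-x
        apc_mode=$(ls -ld -- "$apc_path" | cut -c1-10)
        apc_note=ok
        case $apc_mode in
            ?????w????|????????w?)   # char 6 = group write, char 9 = other write
                apc_note=WRITABLE
                apc_bad=1 ;;
        esac
        printf '%s %s %s\n' "$apc_note" "$apc_mode" "$apc_path"
        case $apc_path in
            "$apc_stop"|/|.) break ;;
        esac
        apc_path=$(dirname -- "$apc_path")
    done
    return "$apc_bad"    # 0 = clean chain, 1 = at least one writable component
}

# Constructed sample tree mirroring the listing in the message: the .conf
# file is mode 0700, but its parent directory is group-writable.
demo=$(mktemp -d)
mkdir -p "$demo/usr/local/etc"
chmod 755 "$demo" "$demo/usr" "$demo/usr/local"
chmod 775 "$demo/usr/local/etc"
: > "$demo/usr/local/etc/amanda-security.conf"
chmod 700 "$demo/usr/local/etc/amanda-security.conf"
audit_path_chain "$demo/usr/local/etc/amanda-security.conf" "$demo" ||
    echo "chain has a group- or other-writable component"
rm -rf "$demo"
```

On a real client, call it with the configured security-file path and no second argument to walk all the way up to `/`.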
