On Sunday 26 May 2019 07:58:30 pm Nathan Stratton Treadway wrote: > On Sun, May 26, 2019 at 17:24:47 -0400, Gene Heskett wrote: > > On Sunday 26 May 2019 12:08:37 pm Nathan Stratton Treadway wrote: > > > > So in order to keep it a little closer together, I used that exact > > path in gh.cf, and a rebuild is in progress. There is I believe a > > Just to make sure we're on the same page, please post here the actual > version of the gh.cf you are using for your current build.... > > > > (If I remember correctly the build-install cycle should create a > > > new /etc/amanda-security.conf file for you. If not I guess you'll > > > find out as soon as you try amcheck, and then you can copy/move > > > the existing one into /etc/ ....) > > > > Or /usr/local/etc, which is the convention for locally built stuffs. > > (Well, the point is you might have to copy it into the path you > designated in --with-security-file= .... and given what Charles just > discovered in his testing, it looks the install process will NOT put > it there automatically, so you will need to copy the file into place > if it isn't left over there from earlier. > > [See the threads from last October to review the discussion as to why > /usr/local/etc is not suitable for the amanda-security.conf file on > your particular server.]) > > > Hummm, looks like the install script is now broken: > > ERROR: program /usr/local/libexec/amanda/ambind: not executable > > -rwsr-x--- 1 root disk 26840 May 26 17:05 ambind > > -rwsr-x--- 1 root disk 56904 May 26 17:06 calcsize > > -rwsr-x--- 1 root disk 41592 May 26 17:06 runtar > > > > thats an odd set of perms for the three of those. And the former > > error bitching about the amanda-security.conf file has now been > > replaced with: ERROR: picnc: selfcheck request failed: > > amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: > > Permission denied] ERROR: shop: selfcheck request failed: > > amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: > > Permission denied] ERROR: lathe: selfcheck request failed: > > amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: > > Permission denied] ERROR: coyote: selfcheck request failed: > > amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: > > Permission denied] ERROR: GO704: selfcheck request failed: > > amcheck-clients: error [exec /usr/local/libexec/amanda/ambind: > > Permission denied] > > > > So what permissions are those 3 files _supposed_ to have? > > (Actually, those look correct.) > > Earlier today (in a separate thread) you wrote: > > Whereas I have user=amanda > > and group=backup > > ... which does not match (as far as the group) what you specified in > your gh.cf script (at least in versions I have seen so far). > > > What do > # grep amanda /etc/passwd /etc/group > and > # grep backup /etc/passwd /etc/group > show on that box? I posted that already, but something may have changed, so
root@coyote:amanda$ grep amanda /etc/passwd amanda:x:1001:1001:xxxxxxxx,0,,:/home/amanda:/bin/bash root@coyote:amanda$ grep amanda /etc/group mail:x:8:gene,amanda amanda:x:1001:backup root@coyote:amanda$ grep backup /etc/group disk:x:6:gene,backup backup:x:34: amanda:x:1001:backup root@coyote:amanda$ grep backup /etc/passwd backup:x:34:34:backup:/var/backups:/bin/bash > > Nathan > > > ---------------------------------------------------------------------- >------ Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic > region Ray Ontko & Co. - Software consulting services - > http://www.ontko.com/ GPG Key: > http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239 Key > fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239 ================================================== #!/bin/sh # since I'm always forgetting to su amanda... if [ `whoami` != 'amanda' ]; then echo echo "!!!!!!!!!!!!!!!!!! Warning !!!!!!!!!!!!!!!!!!!" echo "Amanda needs to be configured and built by the" echo "user amanda, but must be installed by user root." echo exit 1 fi make clean rm -f config.status config.cache ./configure --with-user=amanda \ --with-group=disk \ --with-owner=amanda \ --with-gnu-ld \ --prefix=/usr/local/ \ --with-debugging=/tmp/amanda-dbg/ \ --with-tape-server=coyote \ --with-bsdtcp-security --with-amandahosts \ --with-configdir=/usr/local/etc/amanda \ --enable-manpage-build \ --with-readline \ --with-security-file=/usr/local/etc/amanda-security.conf \ --with-gnutar=/bin/tar echo "sleeping for reading configures warnings" echo "a make as amanda will continue after 75 seconds..." sleep 75 make ===================================================== And I see the group is wrong, shoulda been backup. I'll fix that tomorrow. Disk is getting rather close to the iron and bypasses one level of permissions lookup. It also probably screws with xinetd's mind because it set for a different backup group. I had that amanda-security.conf laying in 4 or so places, so I nuked them all and reran a make install, and it actually put the fresh copy in /u/l/e/a/amanda-security.conf, I moved it back one level and that made amcheck happy about that. Makefile funnies? We are gradually getting there. Thanks Nathan. Copyright 2019 by Maurice E. Heskett Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
