On Wed, Sep 04, 2019 at 05:48:41 -0600, Charles Curley wrote:
> On Wed, 4 Sep 2019 07:02:58 -0400
> Gene Heskett <[email protected]> wrote:
>
> > FAILURE DUMP SUMMARY:
> > picnc / lev 0 FAILED ["security file '/etc/amanda-security.conf'
> > do not allow to run '/usr/bin/tar' as root for 'amgtar:gnutar_path'"]
> > picnc /boot lev 0 FAILED ["security file
> > '/etc/amanda-security.conf' do not allow to run '/usr/bin/tar' as
> > root for 'amgtar:gnutar_path'"]
> >
> > What is the official, it actually works fix? There is no amgtar in
> > the debian supplied packages.
>
> I don't know about official. But, based on your locating amgtar, I
> suggest you try
>
> amgtar:gnutar_path=/usr/lib/amanda/application/amgtar
>
> in your /etc/amanda-security.conf. Then use amcheck to verify.
Actually this line isn't giving the path to the amgtar binary, but
rather is specifying the path to the GNU tar binary that amgtar is
allowed to invoke. (The point being that amgtar and its
program/application siblings are SUID root, so you need to carefully
restrict the binaries each one is allowed to invoke.)
You can see from Gene's error messages that it's currently trying to run
"/usr/bin/tar" -- and that is what you would expect on a usrmerged
system. So he just needs to grant that permission (i.e. with a
amgtar:gnutar_path=/usr/bin/tar
line.)
On a particular system that is already usrmerged (such as picnc is in
the above example) there isn't a need for the matching
amgtar:gnutar_path=/bin/tar
line... so I don't think Gene would need to add that line to the file
unless he were planning to share that same edited amanda-security.conf
file between usrmerged and un-usrmerged systems.
Nathan
----------------------------------------------------------------------------
Nathan Stratton Treadway - [email protected] - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
