amanda-server 3.5.1
Hi,
I've recently started using amgtar instead of tar to reduce/remove the
STRANGE output in daily backup reports.
I now get a lot of permission warnings and errors. Of particular concern
are the 'Operation not permitted' messages:
STRANGE DUMP DETAILS:
/-- lambo.motec.com.au /etc lev 0 STRANGE
sendbackup: info BACKUP=APPLICATION
sendbackup: info APPLICATION=amgtar
sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc
|/usr/lib64/amanda/application/amgtar restore [./file-to-restore]+
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
? /usr/bin/tar: ./amanda: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./sssd: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./polkit-1/rules.d: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./tcsd.conf: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./pki/tls/private/lambo.motec.com.au-key.pem: Warning:
Cannot open: Operation not permitted
| Total bytes written: 43335680 (42MiB, 15MiB/s)
sendbackup: size 42320
sendbackup: native-CRC c7d9a01b:43335680
sendbackup: client-CRC 0efa0396:23044040
sendbackup: end
\--------
/-- lambo.motec.com.au /root lev 0 STRANGE
sendbackup: info BACKUP=APPLICATION
sendbackup: info APPLICATION=amgtar
sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc
|/usr/lib64/amanda/application/amgtar restore [./file-to-restore]+
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
| Can't open exclude file '/root/.amanda.excludes': No such file or
directory
? /usr/bin/tar: ./.ssh/id_rsa.centos: Warning: Cannot open: Operation not
permitted
| Total bytes written: 10577920 (11MiB, 84MiB/s)
sendbackup: size 10330
sendbackup: native-CRC dc1f4c6f:10577920
sendbackup: client-CRC 56774191:953733
sendbackup: end
\--------
/-- lambo.motec.com.au / lev 0 STRANGE
sendbackup: info BACKUP=APPLICATION
sendbackup: info APPLICATION=amgtar
sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc
|/usr/lib64/amanda/application/amgtar restore [./file-to-restore]+
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
| /usr/bin/tar: ./dev: directory is on a different filesystem; not dumped
| /usr/bin/tar: ./proc: directory is on a different filesystem; not dumped
| /usr/bin/tar: ./run: directory is on a different filesystem; not dumped
| /usr/bin/tar: ./sys: directory is on a different filesystem; not dumped
? /usr/bin/tar: ./etc/amanda: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./etc/sssd: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./etc/polkit-1/rules.d: Warning: Cannot open: Operation
not permitted
? /usr/bin/tar: ./home/centos: Warning: Cannot open: Operation not
permitted
| /usr/bin/tar: ./mnt/s3backup: directory is on a different filesystem;
not dumped
? /usr/bin/tar: ./usr/share/polkit-1/rules.d: Warning: Cannot open:
Operation not permitted
? /usr/bin/tar: ./var/cache/httpd: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./var/lib/amanda: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./var/lib/chrony: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./var/lib/dav: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./var/lib/httpd: Warning: Cannot open: Operation not
permitted
Look in the
'/var/log/amanda/log.error/lambo.motec.com.au._.0.20210118200344.errout'
file for full error messages
\--------
/-- lambo.motec.com.au /home lev 0 STRANGE
sendbackup: info BACKUP=APPLICATION
sendbackup: info APPLICATION=amgtar
sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc
|/usr/lib64/amanda/application/amgtar restore [./file-to-restore]+
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
? /usr/bin/tar: ./centos: Warning: Cannot open: Operation not permitted
| Total bytes written: 10240 (10KiB, 12MiB/s)
sendbackup: size 10
sendbackup: native-CRC 7b63f995:10240
sendbackup: client-CRC a152eb4c:451
sendbackup: end
\--------
/-- lambo.motec.com.au /var lev 0 STRANGE
sendbackup: info BACKUP=APPLICATION
sendbackup: info APPLICATION=amgtar
sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc
|/usr/lib64/amanda/application/amgtar restore [./file-to-restore]+
sendbackup: info COMPRESS_SUFFIX=.gz
sendbackup: info end
? /usr/bin/tar: ./cache/httpd: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/amanda: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/chrony: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/dav: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./lib/httpd: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./lib/openvpn: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/postfix: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/rpcbind: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/setroubleshoot: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/tpm: Warning: Cannot open: Operation not permitted
? /usr/bin/tar: ./lib/unbound: Warning: Cannot open: Operation not
permitted
| /usr/bin/tar: ./lib/nfs/rpc_pipefs: directory is on a different
filesystem; not dumped
? /usr/bin/tar: ./lib/nfs/statd: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/sss/db: Warning: Cannot open: Operation not
permitted
? /usr/bin/tar: ./lib/sss/gpo_cache: Warning: Cannot open: Operation not
permitted
Look in the
'/var/log/amanda/log.error/lambo.motec.com.au._var.0.20210118200116.errout'
file for full error messages
\--------
The amgtar application is set UID root:
# ls -l /usr/lib64/amanda/application/amgtar
-rwsr-x---. 1 root disk 60368 May 15 2019
/usr/lib64/amanda/application/amgtar
Why am I seeing these errors and warnings about access?
Also, the man page says there are defaults for NORMAL and STRANGE but these
'defaults' don't seem to be included into the application definition when I
dump the config information with amadmin daily config:
Config file excerpt:
#define application-tool and dumptype for the amgtar application
define application-tool app_amgtar {
comment "amgtar"
plugin "amgtar"
property "XATTRS" "YES"
property "ACLS" "YES"
#property "GNUTAR-PATH" "/path/to/gtar"
#property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir"
# property "NORMAL" ": socket ignored$"
# property append "NORMAL" ": file changed as we read it$"
# property append "NORMAL" ": directory is on a different filesystem;
not dumped$"
}
$ amadmin daily config :
DEFINE APPLICATION app_amgtar {
COMMENT "amgtar"
PLUGIN "amgtar"
PROPERTY visible "xattrs" "YES"
PROPERTY visible "acls" "YES"
CLIENT-NAME ""
}
Uncommenting the 'property "NORMAL"' lines in the config changes the
definition:
#define application-tool and dumptype for the amgtar application
define application-tool app_amgtar {
comment "amgtar"
plugin "amgtar"
property "XATTRS" "YES"
property "ACLS" "YES"
#property "GNUTAR-PATH" "/path/to/gtar"
#property "GNUTAR-LISTDIR" "/path/to/gnutar_list_dir"
property "NORMAL" ": socket ignored$"
property append "NORMAL" ": file changed as we read it$"
property append "NORMAL" ": directory is on a different filesystem; not
dumped$"
}
$ amadmin daily config :
DEFINE APPLICATION app_amgtar {
COMMENT "amgtar"
PLUGIN "amgtar"
PROPERTY visible "xattrs" "YES"
PROPERTY visible "acls" "YES"
PROPERTY visible "normal" ": socket ignored$" ": file
changed as we read it$" ": directory is on a different filesystem; not
dumped$"
CLIENT-NAME ""
}
Is the man page incorrect? Are the 'defaults' really applied or do I have
to manually specify them in the config file?
*Kind regards,*
*Tom Robinson *
*IT Manager/System Administrator*
*MoTeC Pty Ltd*121 Merrindale Drive
Croydon South 3136
Victoria Australia
*T:* 61 3 9761 5050
*W: *www.motec.com
<https://www.facebook.com/motec.global>
<https://www.youtube.com/user/MoTeCAustralia>
<https://www.instagram.com/motec_global/>
<http://www.motec.com/webinars/webinararchive/>
<http://www.motec.com.au/forum/>
<https://www.motec.com.au/gplite-m1/gplite-m1-ov/>
*Disclaimer Notice: **T**his message, including any attachments, contains
confidential information intended for a specific individual and purpose and
is protected by law. If you are not the intended recipient you should
delete this message. Any disclosure, copying, or distribution of this
message or the taking of any action based on it is strictly prohibited.*
