Am Mittwoch, 30. März 2011, 10:53:58 schrieb Kern Sibbald: > On Wednesday 30 March 2011 10:07:11 Eric Bollengier wrote: > > Hello Philipp, > > > > Le dimanche 27 mars 2011 11:03:24, Philipp Storz a écrit : > > > Hello bacula developers, > > > > > > we found that the bacula start scripts do not start the bacula daemons > > > with the parameters for user and group. > > > As a result, the daemons always run as root/root. > > > > > > I have attached a patch that patches the template files for the start > > > scripts , so that the daemons are started correctly. > > > > Can you make a try to add the -u and -g option to the startproc program > > instead of the bacula daemon? > > > > When you have a problem such as a segfault, the process can't attach gdb > > to itself because the uid/gid changed from root to a normal user (ptrace > > problem). > > > > I don't know if suse has this problem or not, can you try the backtrace > > generation with a simple kill -ABRT $(pidof bacula-dir) ? You should find > > the backtrace file somewhere with full information. > > Philipp, > > I concur with Eric. The change you proposed will not work. One cannot fix > the problem at installation time. It must be fixed when Bacula begins > execution, and in some cases the problem may be more fundamental because > log files and cons files can be created at any time while Bacula is > running. This may require a change to the permissions/group of the > directories themselves.
Hello Kern, are you referring to my suggestion how to fix the permissions of exising installations? I know that this is not a clean way to fix the permissions of an existing installation, and there will have to be done much more to really have an automated way to fix all permissions. Another way could be to inform somebody that is doing an upgrade that he may run into permission problems that have to be fixed. My question is: do we want to have the daemons running in minimum rights also on suse? The redhat scripts seem to use the -u and -g options when starting the director, and I think that this would also make sense on suse. If we decide to do so, then we can find a way to implement a way to upgrade to the more secure rights. Best regards, Philipp > > Regards, > > Kern > -- Philipp Storz philipp.st...@dass-it.de dass IT GmbH Phone: +49.221.3565666-92 http://www.dass-IT.de/ Fax : +49.221.3565666-10 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRB52500 GF: Stephan Dühr, Maik Außendorf, Jörg Steffens, Philipp Storz ------------------------------------------------------------------------------ Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar _______________________________________________ Bacula-devel mailing list Bacula-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-devel
