On Mon, May 17, 2004 at 03:40:16PM -0400, Joe Konecny wrote:
> First install of amanda... Freebsd 5.2.1, Amanda 2.4.4p2.
> I used bin and operator when compiling.
I much prefer to create a new userid just for Amanda. If it runs
as bin, then it can write to a large part of the system (no
special privileges kernel-wise, but typically a *lot* of stuff is
owned by bin). The principle of "least privilege" says that's an
unsafe idea -- if an attacker gets in, it gives them a(nother)
possible way to escalate privilege, plant trojans, etc. But if
you're determined to let Amanda run as bin...
> 1. Where does .amandahosts go for the bin user? /bin?
.amandahosts goes in the bin user's home directory, as specified
in /etc/passwd.
> I get an error "ERROR: r4p17: [access as bin not allowed
> from [EMAIL PROTECTED] open of //.amandahosts failed.
Looks like that's /.amandahosts on your box (the extra "/" has no
significance; it probably comes from the code's doing the C
equivalent of:
homedir="/" # Actually, looking it up in /etc/passwd
file="${homedir}/.amandahosts"
).
--
| | /\
|-_|/ > Eric Siegerman, Toronto, Ont.[EMAIL PROTECTED]
| | /
It must be said that they would have sounded better if the singer
wouldn't throw his fellow band members to the ground and toss the
drum kit around during songs.
- Patrick Lenneau
