Re: setuid bits on some binaries

[Jean-Louis Martineau]

On 10/31/2013 06:15 AM, Petr Hracek wrote:

Hi amanda users,

I have just a tricky question:
I observed that in Fedora we are delivering amanda where some binaries 
have setuid bits.


Are the suid bits really needed for amanda working properly?

List of affected binaries is (mode 104750):
/usr/lib/amanda/application/amstar
/usr/lib/amanda/calcsize
/usr/lib/amanda/rundump
/usr/lib/amanda/runtar
/usr/lib/amanda/dumper
/usr/lib/amanda/planner


Yes, they are needed, some files are missing:
/usr/lib/amanda/application/amgtar
/usr/sbin/amcheck
/usr/sbin/amservice

They needs root because they either read the filesystem or open a 
privileged port (<1024)




Is it necessary to have setgid bit on the directory /var/log/amanda?


I think no, my logdir is 700.

Jean-Louis

setuid bits on some binaries

[Petr Hracek]

Hi amanda users,

I have just a tricky question:
I observed that in Fedora we are delivering amanda where some binaries 
have setuid bits.


Are the suid bits really needed for amanda working properly?

List of affected binaries is (mode 104750):
/usr/lib/amanda/application/amstar
/usr/lib/amanda/calcsize
/usr/lib/amanda/rundump
/usr/lib/amanda/runtar
/usr/lib/amanda/dumper
/usr/lib/amanda/planner

Is it necessary to have setgid bit on the directory /var/log/amanda?

--
Best regards / S pozdravem
Petr Hracek