Re: amanda 3.3.3

Thu, 14 Nov 2013 09:47:27 -0800 

Hi Upen,

Am 14.11.2013 um 18:42 schrieb upen:
> By the way, after moving the configuration, I saw amcheck failed with
> 'permission denied'. This looked likeissue with permissions on the
> amcheck binary.
> 
> Iamroot#su - amanda -c "/opt/csw/sbin/amcheck -a monthlyfull"
> Amanda Backup Client Hosts Check
> --------------------------------
> WARNING: client: selfcheck request failed: Permission denied
> Client check: 1 host checked in 10.023 seconds.  1 problem found.
> 
> Debug log for amcheck:
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 513: owned by login.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 514: owned by shell.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 515: owned by printer.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: make_socket
> opening socket with family 2
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Try  port 516: available - Permission denied
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: stream_client:
> Could not bind to port in range 512-1023.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_seterror(handle=55d50, driver=ff17c360 (BSDTCP)
> error=Permission denied)
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_close(handle=55d50, driver=ff17c360 (BSDTCP))
> 
> The permissions on the below binaries are not  set-uid root.
> bash-3.00# ls -al /opt/csw/sbin/am*
> -rwxr-xr-x   1 root     bin        15399 Apr 24  2013 
> /opt/csw/sbin/amaddclient
> -rwxr-xr-x   1 root     bin        53872 Apr 24  2013 /opt/csw/sbin/amadmin
> -rwxr-xr-x   1 root     bin         3383 Apr 24  2013 /opt/csw/sbin/amaespipe
> -rwxr-xr-x   1 root     bin        15604 Apr 24  2013 /opt/csw/sbin/amarchiver
> -rwxr-xr-x   1 root     bin        64132 Apr 24  2013 /opt/csw/sbin/amcheck
> -rwxr-xr-x   1 root     bin         1859 Apr 24  2013 /opt/csw/sbin/amcheckdb
> -rwxr-xr-x   1 root     bin        14587 Apr 24  2013 
> /opt/csw/sbin/amcheckdump
> -rwxr-xr-x   1 root     bin         6356 Apr 24  2013 /opt/csw/sbin/amcleanup
> -rwxr-xr-x   1 root     bin         4254 Apr 24  2013
> /opt/csw/sbin/amcleanupdisk
> -rwxr-xr-x   1 root     bin         1065 Apr 24  2013 /opt/csw/sbin/amcrypt
> -rwxr-xr-x   1 root     bin         3209 Apr 24  2013 
> /opt/csw/sbin/amcrypt-ossl
> -rwxr-xr-x   1 root     bin         6982 Apr 24  2013
> /opt/csw/sbin/amcrypt-ossl-asym
> -rwxr-xr-x   1 root     bin         4660 Apr 24  2013
> /opt/csw/sbin/amcryptsimple
> -rwxr-xr-x   1 root     bin         4613 Apr 24  2013 /opt/csw/sbin/amdevcheck
> -rwxr-xr-x   1 root     bin        10705 Apr 24  2013 /opt/csw/sbin/amdump
> -rwxr-xr-x   1 root     bin         4876 Apr 24  2013
> /opt/csw/sbin/amdump_client
> -rwxr-xr-x   1 root     bin        27510 Apr 24  2013 
> /opt/csw/sbin/amfetchdump
> -rwxr-xr-x   1 root     bin        27068 Apr 24  2013 /opt/csw/sbin/amflush
> -rwxr-xr-x   1 root     bin        12529 Apr 24  2013 /opt/csw/sbin/amgetconf
> -rwxr-xr-x   1 root     bin         2741 Apr 24  2013 /opt/csw/sbin/amgpgcrypt
> -rwxr-xr-x   1 root     bin        11490 Apr 24  2013 /opt/csw/sbin/amlabel
> -rwxr-xr-x   1 root     bin       150028 Apr 24  2013 
> /opt/csw/sbin/amoldrecover
> -rwxr-xr-x   1 root     bin         6576 Apr 24  2013 /opt/csw/sbin/amoverview
> -rwxr-xr-x   1 root     bin         6110 Apr 24  2013 /opt/csw/sbin/amplot
> -rwxr-xr-x   1 root     bin       138924 Apr 24  2013 /opt/csw/sbin/amrecover
> -rwxr-xr-x   1 root     bin        18067 Apr 24  2013 /opt/csw/sbin/amreport
> -rwxr-xr-x   1 root     bin        13005 Apr 24  2013 /opt/csw/sbin/amrestore
> -rwxr-xr-x   1 root     bin         9120 Apr 24  2013 /opt/csw/sbin/amrmtape
> -rwxr-xr-x   1 root     bin        21487 Apr 24  2013
> /opt/csw/sbin/amserverconfig
> -rwxr-xr-x   1 root     bin        16616 Apr 24  2013 /opt/csw/sbin/amservice
> -rwxr-xr-x   1 root     bin        50440 Apr 24  2013 /opt/csw/sbin/amstatus
> -rwxr-xr-x   1 root     bin        19936 Apr 24  2013 /opt/csw/sbin/amtape
> -rwxr-xr-x   1 root     bin        23098 Apr 24  2013 /opt/csw/sbin/amtapetype
> -rwxr-xr-x   1 root     bin         7730 Apr 24  2013 /opt/csw/sbin/amtoc
> -rwxr-xr-x   1 root     bin        30300 Apr 24  2013 /opt/csw/sbin/amvault
> 
> 
> I changed permissions on amcheck (chmod u+s amcheck) and 'permission
> denied' issue was resolved immediately.
> 
> Now I am not sure how many of those binaries have to have set-uid
> root. I don't have record of permissions for binaries that came with
> CSWamanda# 3.1.1. Can someone advice?

I guess this was missed when converting from the legacy package to our new 
buildsystem:
  
http://sourceforge.net/apps/trac/gar/browser/csw/mgar/pkg/amanda/trunk/Makefile
(See --disable-installperms) This needs to be converted to permission settings 
in
the package.

> Also, I am not sure if this issue happened on my box because I
> installed new version just by doing 'pkgutil -u amanda  ' instead of
> uninstalling the 3.1.1 and then installing the new version from fresh.
> Or those permissions coming straight from the package?

This is a problem with the package. Would you please open a bug report?
  http://www.opencsw.org/packages/amanda/


Best regards

  -- Dago

Reply via email to