On Mon, Apr 18, 2005 at 04:17:16PM +0100, Chuck Amadi wrote:
> Hi reinstalled amanda as Root make distclean 
> As amanda ./configure --( My preferences)
> As amanada make
> As Root make install
> 
> Thus checked /local/sw/amanda/bckup/sbin/amcheck ls -al command the
> output as below:
> 
> -rwsr-x---  1 root   disk  86322 Apr 18 16:03 amcheck
> 
> But when I run the following amcheck command
> 
> myserver:/local/sw/amanda/bckup/sbin # su amanda -c
> "/local/sw/amanda/bckup/sbin/amcheck"
> zsh: permission denied: /local/sw/amanda/bckup/sbin/amcheck
> myservefr:/local/sw/amanda/bckup/sbin #
> 
> Im going a bit crazy Now! as I assume the sticky bit would sort out the
> permission issue.


For some things amanda absolutely needs root privileges.
But there is a principle which amanda trys to adhere to
of "least privileges for the task".  So although the binary
amcheck is now properly owned by root, properly setuid'ed,
and probably properly group owned by disk, for some tasks
amcheck may create child processes that lack root privilege.

One of those I think is disk (if using dump rather than tar)
and tape access.  It may be necessary to check the permissions
on your devices to ensure they are group "disk" readable and
for the tape, writable.


As to executing amcheck, note that the owner root can execute it,
members of group disk can execute it, but the rest of the world
can not.  Were you root when you executed it, no you were amanda.
So you the user had to be a member of group disk to execute it.
What group(s) does user 'amanda' have rights to?  Did you get them
after doing the 'su' command?  The cmd 'id' will tell you the latter.


-- 
Jon H. LaBadie                  jon AT jgcomp DOT com
 JG Computing
 4455 Province Line Road        (609) 252-0159
 Princeton, NJ  08540-4322      (609) 683-7220 (fax)