Amanda-Users

Re: UID under which amanda services should run, if backup server is only client?

2007-07-02 11:45:32
From: Paul Bijnens <Paul.Bijnens AT xplanation DOT com>
To: Mark Scheufele <mark.scheufele AT diasemi DOT com>
Date: Mon, 02 Jul 2007 17:40:06 +0200
On 2007-07-02 17:12, Mark Scheufele wrote:
> Hi,
> 
> in our amanda setup there are no other clients than the backup server
> itself. The amanda software was compiled with the
> options --with-user=amanda --with-owner=amanda --with-group=sys so that
> all services do run under a separate amanda user. 

Good.


> 
> To be able to read all files within the local filesystems I have set the
> parameter dumpuser to "root" in the amanda.conf file. Backups are now
> running fine. But I am running into permission problems with amrecover.

Bad.  Amanda already runs the real backup program (gnutar) with
a setuid-root program ("runtar" -- look in libexec), giving it all
the permissions needed.  For dump all that is needed is that the amanda
user has read-access to the disk-groups.  There are other programs needing a
setuid-flag on the executable as well.

It could be that while installing, you did not do "make install" as the
root user, thereby losing the setuid-bit on many programs that need it.
Another frequent error is that you have the setuid-programs on a
partition that is mounted with the "nosuid" option.


> 
> The problem is that all files under etc/<config>/index and all log.*
> files under etc/<config> are all assigned to the root user. The amindexd
> yet runs under the amanda user and therefore isn't able to read those
> files properly.

Revert to user "amanda", and "chown -R amanda" all the index, and log
files.  Then at least, amrecover works again.


> 
> To fix the problem I was thinking about recompiling amanda to run all
> services completely under the uid root to avoid the permission problems.
> 
> But maybe there is a better way to accomplish my goal. It would be great
> if someone could point me in the right direction.

No, better find out why the setuid bit was not working for your
installation.


-- 
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************
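
The two installation faults named in the reply above (a lost setuid bit and a "nosuid" mount) can be checked with a short script. This is an added example, not part of the original message or of Amanda; the function names, the directory argument and the Linux /proc/mounts default are assumptions.

```shell
#!/bin/sh
# Added example: diagnose why setuid helpers such as "runtar" lose privileges.

# has_setuid_owner FILE [UID]: 0 if FILE has the setuid bit and is owned by
# UID (default 0 = root), 1 if the bit is missing, 2 if the owner is wrong.
has_setuid_owner() {
    [ -u "$1" ] || return 1
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" = "${2:-0}" ] || return 2
    return 0
}

# mount_is_nosuid PATH [MOUNTS]: 0 if the filesystem holding the absolute PATH
# is mounted nosuid. MOUNTS is a table in /proc/mounts format (Linux default).
# Mount points containing escaped spaces (\040) are not handled.
mount_is_nosuid() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { exit ((("," opts ",") ~ /,nosuid,/) ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# audit_helpers DIR PROG...: one finding per helper; status 1 on any problem.
audit_helpers() {
    dir=$1; shift; bad=0
    if mount_is_nosuid "$dir"; then
        echo "PROBLEM: $dir is on a nosuid mount; setuid bits are ignored"; bad=1
    fi
    for prog in "$@"; do
        rc=0; has_setuid_owner "$dir/$prog" || rc=$?
        case $rc in
            0) echo "ok: $dir/$prog is setuid root" ;;
            1) echo "PROBLEM: $dir/$prog is missing or has no setuid bit"; bad=1 ;;
            2) echo "PROBLEM: $dir/$prog is setuid but not owned by root"; bad=1 ;;
        esac
    done
    return $bad
}

# Usage: sh check.sh /path/to/amanda/libexec runtar [other helpers...]
if [ "$#" -ge 2 ]; then audit_helpers "$@"; fi
```

Pass the libexec directory of the local installation and the helper names to check; the script only reads file modes and the mount table and changes nothing.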