Re: another chg-zd-mtx problem
2003-02-12 11:28:46
Eric -
Yeah my brain must have been up my proverbial a**. I actually tried that
first and it didn't work. What I didn't pay attention to was that
/dev/sg2 actually was a sym link to /dev/scsi/host0/ (I'm running
Mandrake 9 and using devfs) So once I changed the group recursively of
/dev/scsi/host0/ I was fine for this part of my problems anyway.
Thanks for making me take a second look at that.
If I change the group of /dev/sg2 to disk (the amanda group on my box is
'disk') I still get the same problem:
[root@ruby daily-net]# ls -la /dev/sg2
lr-xr-xr-x 1 root disk 36 Feb 10 13:45 /dev/sg2 ->
scsi/host0/
On Tue, 2003-02-11 at 16:21, Eric Sproul wrote:
> On Tue, 2003-02-11 at 14:41, Pete Poggione wrote:
> > I get an error trying to access /dev/sg2 as the Amanda user so I had to
> > set /sbin/mtx to run as suid root. That seemed to take care of that
> > issue (if anyone has a better idea let me know)
>
> Pete,
> This is not wise-- with suid root, any non-privileged user on the system
> would be able to execute mtx. This is probably not what you want. It
> would be better to make the device read/writable by the group that the
> amanda user belongs to, such as "operator" or "backup".
>
> For example, on my Debian box, I have an HP changer as well, and the
> robot is on /dev/sg2 like yours. On Debian, amanda runs as user
> "backup" and group "backup" so I did:
>
> # chmod g+rw backup /dev/sg2
>
> Now amanda has access to the robot without making mtx suid root. Normal
> users have no access to the device.
>
> HTH,
> Eric
|
|
|