Re: amanda's rights on a client

hi joushua,

> > studying amanda's last dump -- wasn't pretty -- and something
smelled
> > funny.
> 
> Letting us see it would be helpful.
actually, i flushed it :-o


ok, here's the poop:

i had assumed that when specifying / in the disklist, that amanda would
back up the root and all its subdirs excepting the exclusions that i had
indicated:

---amanda.conf---
<snip>
define dumptype hard-disk-dump {
    global
    comment "hard disk backup using dump"
    holdingdisk no
    index yes
    priority high
}

define dumptype hard-disk-comp-tar {
    hard-disk-dump
    comment "hard disk backup using tar"
    program "GNUTAR"
    compress client best
}

---disklist---
localhost / {
        hard-disk-comp-tar
        exclude "./var/ftp/pub/redhat-8.0" "./var/ftp/pub/redhat-7.3"
"/var/ftp/pub/cygwin" "./tmp" "./mnt/backup"
}


i ran another dump today. and the same issue that i had posted earlier
aoccured. upon further inspection, i noticed that it was not in fact a
rights issue, but rather how my filesystem is mounted:

---/etc/fstab---
/dev/vg0/lvroot   /                       ext3    defaults        1 1
/dev/vg0/lvhome   /home                   ext3    defaults        1 2
/dev/vg0/lvopt    /opt                    ext3    defaults        1 2
/dev/vg0/lvtmp    /tmp                    ext3    defaults        1 2
/dev/vg0/lvusr    /usr                    ext3    defaults        1 2
/dev/vg0/lvvar    /var                    ext3    defaults        1 2
/dev/sda3         /boot                   ext3    defaults        1 2
<snip>


as you can see, i am using lvm and in fact, amanda was only backing up
the lvroot filesystem. changing the disklist to:

localhost / hard-disk-comp-tar
localhost /boot hard-disk-comp-tar
localhost /home hard-disk-comp-tar
localhost /opt hard-disk-comp-tar
localhost /usr hard-disk-comp-tar
localhost /var {
        hard-disk-comp-tar
        exclude "./ftp/pub/redhat-8.0" "./ftp/pub/redhat-7.3"
"./ftp/pub/cygwin" "./tmp"
}

cleared up the problem, and it worked great.


although i do not change the mounting/filesystem often, is there a way
to tell amanda to show no defference to how a filesystem is mounted and
when / is indicated, she would backup the entire filesystem?

this would obviate changing disklist if ever a client changed how it
mounts ...


cheers & have a nice weekend.

Charles Shick




---/etc/fstab---
> > studying amanda's last dump -- wasn't pretty -- and something
smelled
> > funny.
> 
> Letting us see it would be helpful.




On Fri, 2003-05-23 at 18:44, Joshua Baker-LePain wrote:
> On 23 May 2003 at 6:09pm, chuck shick wrote
> 
> > studying amanda's last dump -- wasn't pretty -- and something
smelled
> > funny.
> 
> Letting us see it would be helpful.
> 
> > if you specify mount points rather than device names in a server's
> > disklist, and amanda is not root equivallent on the client, than
files
> > on those client mount points (and their subdirectories) must have
read
> > privillages for amanda?
> 
> No.
> 
> > is there a quick and secure solution to this, that is, to give
amanda
> > the rights to read everything without getting into a bunch of acl
stuff?
> 
> If you're using a vendor dump, it reads the raw device, which the
amanda 
> user must have read access to.  If you're using tar, amanda runs it
via 
> the setuid root 'runtar' wrapper.
> 
> What problems did you see.
> 
> -- 
> Joshua Baker-LePain
> Department of Biomedical Engineering
> Duke University