Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Staring From Scratch --Installing AManda

2003-07-03 16:12:55
Subject: Re: Staring From Scratch --Installing AManda
From: Eric Siegerman <erics AT telepres DOT com>
To: amanda-users AT amanda DOT org
Date: Thu, 3 Jul 2003 16:07:25 -0400 
On Thu, Jul 03, 2003 at 02:59:35PM -0400, Gene Heskett wrote:
> On Thursday 03 July 2003 13:21, Eric Siegerman wrote:
> >On Thu, Jul 03, 2003 at 12:40:35PM -0400, Jon LaBadie wrote:
> >> Most people build the software as the amanda_user.
> >
> >Why?  I just built it under my own account, and everything went
> >ok.  (I did the "make install" as root of course.)
> 
> Which if you follow that to its logical conclusion means that because 
> you must then be a member of the group disk or backup, your default 
> account will have virtually root perms.

No.  My personal account is NOT a member of the
disk/operator/backup/whatever group.  Amanda doesn't *run* as me;
I did the usual -- created an "amanda" account and configured the
package with:
    --with-user=amanda --with-group=<system-dependent-value>

My only question was why people find it useful to "configure
--many-options; make" Amanda as that user, instead of as
themselves.

> Most of us would rather not have your own user accounts so exposed, 

Indeed.  Myself emphatically included.

Ok, my "make install" as root is a hole, I admit, but a pretty
typical one.  (Don't get me started on the topic of GNU packages'
and automake's inscrutable, unauditable "make -n" logs!)

Hmm, maybe your point is that by doing the whole thing as
"amanda" you can avoid becoming root for the "make install"
(after the first time on a given box, of course, when some
directories might need to be created and chown'ed).  But that
only works because Amanda conflates "the user under which I run"
with "the user that owns my files", which is a security problem
in itself.

In fact, that's one of my pet peeves; Amanda should *not* have
write permission on its own files -- or be able to acquire it,
i.e.  "chmod a-w" doesn't suffice.  "Least privilege" and all
that.  (I don't know how an attacker could use the write
permission that Amanda now has, but it's prudent to start off by
assuming, until convinced otherwise, that there exists a way to
use it.)

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
When I came back around from the dark side, there in front of me would
be the landing area where the crew was, and the Earth, all in the view
of my window. I couldn't help but think that there in front of me was
all of humanity, except me.
        - Michael Collins, Apollo 11 Command Module Pilot
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Is it possible to backup several servers to one tape for 3 days?, Joshua Baker-LePain
Next by Date:  Starting From Scratch, Harry Mbang
Previous by Thread:  Re: Staring From Scratch --Installing AManda, Gene Heskett
Next by Thread:  Re: Staring From Scratch --Installing AManda, Jon LaBadie
Indexes:  [Date] [Thread] [Top] [All Lists]