Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Staring From Scratch --Installing AManda

2003-07-03 21:56:24
Subject: Re: Staring From Scratch --Installing AManda
From: Gene Heskett <gene.heskett AT verizon DOT net>
To: Eric Siegerman <erics AT telepres DOT com>, amanda-users AT amanda DOT org
Date: Thu, 3 Jul 2003 21:52:20 -0400 
On Thursday 03 July 2003 16:07, Eric Siegerman wrote:
>On Thu, Jul 03, 2003 at 02:59:35PM -0400, Gene Heskett wrote:
>> On Thursday 03 July 2003 13:21, Eric Siegerman wrote:
>> >On Thu, Jul 03, 2003 at 12:40:35PM -0400, Jon LaBadie wrote:
>> >> Most people build the software as the amanda_user.
>> >
>> >Why?  I just built it under my own account, and everything went
>> >ok.  (I did the "make install" as root of course.)
>>
>> Which if you follow that to its logical conclusion means that
>> because you must then be a member of the group disk or backup,
>> your default account will have virtually root perms.
>
>No.  My personal account is NOT a member of the
>disk/operator/backup/whatever group.  Amanda doesn't *run* as me;
>I did the usual -- created an "amanda" account and configured the
>package with:
>    --with-user=amanda --with-group=<system-dependent-value>
>
>My only question was why people find it useful to "configure
>--many-options; make" Amanda as that user, instead of as
>themselves.
>
>> Most of us would rather not have your own user accounts so
>> exposed,
>
>Indeed.  Myself emphatically included.
>
>Ok, my "make install" as root is a hole, I admit, but a pretty
>typical one.  (Don't get me started on the topic of GNU packages'
>and automake's inscrutable, unauditable "make -n" logs!)
>
And one thats required in order to get all the proper perms set.

>Hmm, maybe your point is that by doing the whole thing as
>"amanda" you can avoid becoming root for the "make install"
>(after the first time on a given box, of course, when some
>directories might need to be created and chown'ed).  But that
>only works because Amanda conflates "the user under which I run"
>with "the user that owns my files", which is a security problem
>in itself.
>
>In fact, that's one of my pet peeves; Amanda should *not* have
>write permission on its own files -- or be able to acquire it,
>i.e.  "chmod a-w" doesn't suffice.  "Least privilege" and all
>that.  (I don't know how an attacker could use the write
>permission that Amanda now has, but it's prudent to start off by
>assuming, until convinced otherwise, that there exists a way to
>use it.)

There may be, and I personally have not explored it.  I have a 
tendency to leave that to the real security experts, where an expert 
is anyone more than 50 miles from home and carrying a briefcase.  I'm 
neither :)

-- 
Cheers, Gene
AMD K6-III@500mhz 320M
Athlon1600XP@1400mhz  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attornies please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: to compress or not to compress ???, Gene Heskett
Next by Date:  Re: Starting From Scratch, Gene Heskett
Previous by Thread:  Re: Staring From Scratch --Installing AManda, Jon LaBadie
Next by Thread:  Bug in chg-chio?, Jack Twilley
Indexes:  [Date] [Thread] [Top] [All Lists]