Amanda-Users

Re: location of amandahosts

2004-05-17 16:07:22
Subject: Re: location of amandahosts
From: Eric Siegerman <erics AT telepres DOT com>
To: amanda-users AT amanda DOT org
Date: Mon, 17 May 2004 16:01:43 -0400
On Mon, May 17, 2004 at 03:40:16PM -0400, Joe Konecny wrote:
> First install of amanda...  Freebsd 5.2.1, Amanda 2.4.4p2.
> I used bin and operator when compiling.

I much prefer to create a new userid just for Amanda.  If it runs
as bin, then it can write to a large part of the system (no
special privileges kernel-wise, but typically a *lot* of stuff is
owned by bin).  The principle of "least privilege" says that's an
unsafe idea -- if an attacker gets in, it gives them a(nother)
possible way to escalate privilege, plant trojans, etc.  But if
you're determined to let Amanda run as bin...

> 1. Where does .amandahosts go for the bin user?  /bin?

.amandahosts goes in the bin user's home directory, as specified
in /etc/passwd.

> I get an error "ERROR: r4p17: [access as bin not allowed
> from bin AT r4p17.gmihome DOT com] open of //.amandahosts failed.

Looks like that's /.amandahosts on your box (the extra "/" has no
significance; it probably comes from the code's doing the C
equivalent of:
        homedir="/"     # Actually, looking it up in /etc/passwd
        file="${homedir}/.amandahosts"
).

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
It must be said that they would have sounded better if the singer
wouldn't throw his fellow band members to the ground and toss the
drum kit around during songs.
        - Patrick Lenneau
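
Added example, not part of the original message and not Amanda's own code: a small C program that builds the .amandahosts path from the passwd home directory the way the reply sketches, showing why a home directory of "/" produces "//.amandahosts". The function names and the ownership/mode check are assumptions of this example, not something Amanda is stated to enforce.

```c
/* Added example; not Amanda source. Function names are hypothetical. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Naive join, always inserting "/": homedir "/" gives "//.amandahosts",
 * which FreeBSD and Linux resolve like "/.amandahosts". NULL if out is too small. */
char *hosts_path(const char *homedir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/.amandahosts", homedir);
    return (n < 0 || (size_t)n >= outlen) ? NULL : out;
}

/* Build the path from the home directory recorded in the passwd database.
 * NULL if the user is unknown or the path does not fit. */
char *hosts_path_for_user(const char *user, char *out, size_t outlen)
{
    struct passwd *pw = getpwnam(user);
    return pw ? hosts_path(pw->pw_dir, out, outlen) : NULL;
}

/* Hygiene check (an assumption of this example, not Amanda's rule):
 * 0 = owned by uid and not group/other-writable, 1 = wrong owner or
 * loose mode, -1 = cannot stat (e.g. file missing). */
int hosts_file_check(const char *path, uid_t uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_uid != uid || (st.st_mode & (S_IWGRP | S_IWOTH))) ? 1 : 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "bin";  /* "bin" as in the thread */
    char path[4096];
    struct passwd *pw = getpwnam(user);
    if (!pw || !hosts_path(pw->pw_dir, path, sizeof path)) {
        fprintf(stderr, "no usable home directory for %s\n", user);
        return 1;
    }
    printf("%s: home=%s file=%s check=%d\n", user, pw->pw_dir, path,
           hosts_file_check(path, pw->pw_uid));
    return 0;
}
```

Run it with the Amanda user's name as the only argument; with no argument it looks up "bin".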
