On Thu, May 20, 2004 at 12:57:08AM +0000, Lars Kellogg-Stedman wrote:
> I'm following up on an issue that was posted to this list back in
> January:
>
> > JLM pointed out another thing I did not know. amcheck does not consider
> > it an error for the file to not exist, it is listed as "optional". But
> > amcheck does consider it an error if the file has the wrong permissions
> > or if it is unable to determine if it exists.
>
> I'm running into exactly this problem. In my dumptypes file, I have:
>
> exclude list optional ".amanda.exclude"
>
> In my disklist file, I'm backing up individual home directories:
>
> arcadia /export/home/lars comp-user-tar
>
> Permissions on this directory are 750, so amcheck is failing:
>
> ERROR: backuphost: [Can't open exclude file
> '/export/home/lars/.amanda.exclude': Permission denied]
>
> Of course, amcheck (and amandad) are running as user 'amanda' when running
> this check, while the backup itself is performed as root (since the
> 'runtar' command is SUID root)
>
...
> I'm hesitant to make things globally readable just to make Amanda work, so
> I've worked around the problem on my Linux system using ACLs:
>
> setfacl -m u:amanda:rwx /export/home/*
Nice approach.
Another approach, if ACLs are unavailable or ?overkill?,
would be to give the directory world execute permission (751).
Then a process could access a specific file if it "knows its name"
but searches like "ls" or "cat *" would not work because
read permission was denied.
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)
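
The 750 versus 751 distinction discussed in this thread can be audited from mode bits alone; the script below is an added example, not part of either poster's message or of Amanda itself. It assumes GNU stat (Linux), that the checking user (such as amanda) is neither owner nor group member so the "other" bits apply, that no ACLs are set and that parent directories are searchable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed). Reads mode bits as the admin; it does not
# switch users. Assumes GNU stat and that the "other" class applies.

# Print the last octal digit of a path's mode: the "other" permissions.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "${mode#"${mode%?}"}"
}

# Succeeds if "other" has read (r) on the directory, i.e. can enumerate names.
dir_listable() {
    o=$(other_bits "$1") || return 2
    [ $(( o & 4 )) -ne 0 ]
}

# exclude_check DIR [NAME] prints one of:
#   unknown     no "other" search (x) bit on DIR: existence cannot be determined
#   absent      DIR is searchable and the file is not there (fine if optional)
#   unreadable  file exists but lacks the "other" read bit
#   ok          file exists and "other" may read it
exclude_check() {
    dir=$1
    name=${2:-.amanda.exclude}
    d=$(other_bits "$dir") || return 1
    if [ $(( d & 1 )) -eq 0 ]; then echo unknown; return 0; fi
    if [ ! -e "$dir/$name" ]; then echo absent; return 0; fi
    f=$(other_bits "$dir/$name") || return 1
    if [ $(( f & 4 )) -eq 0 ]; then echo unreadable; else echo ok; fi
}

# Usage: sh audit.sh /export/home/*
for d in "$@"; do
    [ -d "$d" ] || continue
    if dir_listable "$d"; then l=yes; else l=no; fi
    printf '%s: exclude=%s other-can-list=%s\n' "$d" "$(exclude_check "$d")" "$l"
done
```

A 750 directory reports `unknown`, which corresponds to the case amcheck treats as an error, while 751 reports `absent` or `ok` with `other-can-list=no`.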