On Fri, Jan 21, 2005 at 11:05:23PM -0500, Gene Heskett wrote:
> Most users are not that priviledged, and should not be.  And thats the 
> main justification for a seperate user to run amanda.

Agreed 100%!

"erics" isn't a member of "disk".  (Sorry I didn't mention that.
I agree with the above so fully that the possibility never even
occurred to me. :-) The reason I mentioned building under my own
account was to back up my assertion that building as the Amanda
user, or with any other kind of special privilege, is
unnecessary.

The build shouldn't need any particular permissions at all,
since in theory:
  - the build doesn't modify any files outside the build (and
    maybe source) trees

  - any user or group ids that get hard-wired at build time are
    taken from the --with-user, --with-owner, or --with-group
    config parameters, not from getuid() or the like

If the above claim is false, i.e. if building Amanda as your
Amanda user works better for you than building it as a completely
unprivileged user (given that both builds are installed as root),
then IMO that's a bug in Amanda.  In that case, continuing to
build as the Amanda user might be a useful workaround, but should
only remain necessary until the bug gets fixed.

Gene, on your system, if you build Amanda as a vanilla,
unprivileged user -- not root, not in the "disk" group -- and
then install it as root, what specifically goes wrong?

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics AT telepres DOT com
|  |  /
The animal that coils in a circle is the serpent; that's why so
many cults and myths of the serpent exist, because it's hard to
represent the return of the sun by the coiling of a hippopotamus.
        - Umberto Eco, "Foucault's Pendulum"