On Wed, Feb 16, 2005 at 07:17:51AM +0100, Michael Weiser wrote:
> "permission denied" on running any sgid programs such as runtar. I found
> that xinetd will not properly activate primary group membership if not
> given the "groups" option in the service configuration file and
> therefore try to run the 2750 amanda:amanda runtar etc. as amanda:wheel.
Sorry, this should read "suid" instead of "sgid" and "4550" instead of
"2750". This means, that runtar and the others are setuid-root and only
runnable by members of the group given using --with-group, e.g. wheel or
amanda. If xinetd doesn't properly change group membership of the
amandad it spawns, it will run with xinetd's group, which is usually wheel,
and running runtar will only work if amanda was configured using
--with-group=wheel.
--
bye, Micha
|