Re: planner,dumper and amcheck keep reverting back to (not setuid-root)
2005-07-29 13:53:39
On Fri, Jul 29, 2005 at 03:34:29PM +0100, Chuck Amadi Systems Administrator
wrote:
> Hi
>
> I run by hand amcheck it is in my crontab but every now and then I run
> it to check.
>
> Amanda Tape Server Host Check
> -----------------------------
> WARNING: program /usr/lib/amanda/planner: not setuid-root
> WARNING: program /usr/lib/amanda/dumper: not setuid-root
> WARNING: program /usr/sbin/amcheck: not setuid-root
>
> Thus I use chmod u+s as root.
>
> # chmod u+s /usr/lib/amanda/planner
> # chmod u+s /usr/lib/amanda/dumper
> # chmod u+s /usr/sbin/amcheck
>
> The above sorts this out bit I have had to do this a few times this
> week.
>
> I haven't got to do this on the other tape server Where is the best
> place to check why it keeps reverting to the following below.
>
Chuck,
I hope you realize this has nothing to do with amanda.
The system probably has some "security" program that
runs periodically and reports on all root-setuid programs.
Perhaps automatically removing the setuid on those not
in some list of "known safe" programs.
I once had an AT&T sysadmin who when to a security class.
At the class they learned that setuid programs were a
huge security problem. When she got back, that Sunday night,
she came in to the training site where I consulted and ran
a find command on all the systems to locate and remove all
setuid permissions on all programs.
Monday morning, very little worked right.
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)
|
|
|