Re: error processing config file with amcheck
2006-04-12 23:42:07
On Wed, Apr 12, 2006 at 06:05:29PM +0200, Thomas Ginestet wrote:
> Thanks JL you right. I've made my own dumptype and it's much better.
> But amcheck tell me to run it as user backup instead of root and when I
> run it with user backup, i've got:
>
> backup:/$ /usr/sbin/amcheck DailySet
> amcheck: could not open /tmp/amanda/amcheck.temp.19982: Permission denied
>
> amcheck is setuid so I don't understand why it fail (and why it tries to
> open /tmp/amanda)
> -rwsr-xr-- 1 root backup 35164 2006-04-03 14:07 amcheck
>
Just because a program is setuid root does not mean all its
functions run with those permissions. Just as you can do
an "su username" the amcheck can change its id for some
purposes that need not be done as root. Least necessary
privlege is often the best choice.
/tmp/amanda is where debugging files from all amanda programs
are logged. It should be owned by amanda. Probably
it is owned by root due to your running things as root
in the past.
--
Jon H. LaBadie jon AT jgcomp DOT com
JG Computing
4455 Province Line Road (609) 252-0159
Princeton, NJ 08540-4322 (609) 683-7220 (fax)
|
|
|