Jean-Louis Martineau <martineau AT zmanda DOT com> writes:
> Your bug is also with:
> > chmod -R 6770 /home/amanda/libexec/* /home/amanda/sbin/*
> >
> Setting all binaries to suid and sgid is a bad idea, especially since
> you set their owner to root.
From my script, with added comments:

chown -R amanda.disk /home/amanda
chown root.disk /home/amanda/libexec/runtar # "make install" does this but doesn't set group to disk
chown root.disk /home/amanda/libexec/dumper # "make install" does this but doesn't set group to disk
chown root.disk /home/amanda/libexec/planner # "make install" does this but doesn't set group to disk
chown root.disk /home/amanda/sbin/amcheck # "make install" does this but doesn't set group to disk
chmod -R 6770 /home/amanda/libexec/* /home/amanda/sbin/* # "make install" does essentially the same thing but doesn't privilege group "disk".

> With the owner set to amanda, it's not a good idea either.
I'm baffled. I can't think of any reason why that's not a good idea.
Why isn't it a good idea?
> You should only set suid and sgid on required binaries with correct ownership.
Correct ownership is root for the binaries I listed above, right?
> Run 'make install' as root; it will set all permissions correctly.
My script runs "make install", and then it makes adjustments
for my environment, and at least one adjustment because amcheck
doesn't work unless I do so.
But look, I'm not promoting my script! It's only for me. I only
shared it with you because I thought it might be helpful to you in
some way, even if only to see how some crazy guy uses Amanda at his
site, or to track down that bizarre bug -- which, for all we know, may
not have anything to do with Amanda.
-- Steve
Steven R. Newcomb, Consultant
Coolheads Consulting
Co-editor, Topic Maps International Standard (ISO/IEC 13250)
Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5)
srn AT coolheads DOT com
http://www.coolheads.com
direct: +1 540 951 9773
main: +1 540 951 9774
fax: +1 540 951 9775
208 Highview Drive
Blacksburg, Virginia 24060 USA
(Confidential to all US government personnel to whom this private
letter is not addressed and who are reading it in the absence of a
specific search warrant: You are violating the law and you are
co-conspiring to subvert the Constitution that you are sworn to
defend. You can either refuse to commit this crime, or you can expect
to suffer criminal sanctions in the future, when the current
administration of the United States of America has been replaced by
one that respects the rule of law. I do not envy you for having to
make this difficult choice, but I urge you to make it wisely.)
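
An added example, not part of the thread and not Amanda's own code: a POSIX shell check that lists setuid/setgid files under a directory and reports any that are outside an allowlist or not owned by the expected user, which is the condition Jean-Louis describes above. The function name, the output labels and the allowlist passed as arguments are assumptions; the thread itself names runtar, dumper, planner and amcheck as the binaries "make install" gives to root.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or from Amanda).
# Reports setuid/setgid regular files that are not on an allowlist, and
# allowlisted ones whose owner is not the expected user.
# usage: audit_setid DIR EXPECTED_OWNER ALLOWED_BASENAME...
# Assumes file names without embedded newlines.
audit_setid() {
    dir=$1
    owner=$2
    shift 2
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r path; do
        name=${path##*/}
        allowed=no
        for a in "$@"; do
            if [ "$name" = "$a" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then
            # Privileged bit on a binary nobody listed as needing it.
            echo "UNEXPECTED $path"
        elif [ -z "$(find "$path" -prune -user "$owner")" ]; then
            # Listed binary, but not owned by the expected user.
            echo "OWNER $path"
        fi
    done
}

# Stand-alone use, for example:
#   sh audit_setid.sh /home/amanda/libexec root runtar dumper planner
if [ "$#" -ge 2 ]; then
    audit_setid "$@"
fi
```

Run against a tree after "chmod -R 6770", every file outside the allowlist is reported as UNEXPECTED; an empty report means only the listed binaries carry the bits and all have the expected owner.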