Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: bizarre bug fixed but not explained

2006-10-01 16:08:54
Subject: Re: bizarre bug fixed but not explained
From: Steve Newcomb <srn AT coolheads DOT com>
To: Jean-Louis Martineau <martineau AT zmanda DOT com>
Date: 01 Oct 2006 15:52:53 -0400 
Jean-Louis Martineau <martineau AT zmanda DOT com> writes:

> Your bug is also with:
> > chmod -R 6770 /home/amanda/libexec/* /home/amanda/sbin/*
> >
> Setting all binary to suid and sgid is a bad idea, especially since
> you set their owner to root.

>From my script, with added comments:

chown -R amanda.disk /home/amanda
chown root.disk /home/amanda/libexec/runtar  # "make install" does this but 
doesn't set group to disk
chown root.disk /home/amanda/libexec/dumper  # "make install" does this but 
doesn't set group to disk
chown root.disk /home/amanda/libexec/planner # "make install" does this but 
doesn't set group to disk
chown root.disk /home/amanda/sbin/amcheck    # "make install" does this but 
doesn't set group to disk
chmod -R 6770 /home/amanda/libexec/* /home/amanda/sbin/*  # "make install" does 
essentially the same 
                                                          # thing but doesn't 
privilege group "disk".

> With the owner set to amanda, it's not a good idea either.

I'm baffled.  I can't think of any reason why that's not a good idea.
Why isn't it a good idea?

> You should only set suid and sgid on required binary with correct ownership.

Correct ownership is root for the binaries I listed above, right?

> run 'make install' as root, it will set all permission correctly.

My script runs "make install", and then it makes adjustments
for my environment, and at least one adjustment because amcheck
doesn't work unless I do so.

But look, I'm not promoting my script!  It's only for me.  I only
shared it with you because I thought it might be helpful to you in
some way, even if only to see how some crazy guy uses Amanda at his
site, or to track down that bizarre bug -- which, for all we know, may
not have anything to do with Amanda.

-- Steve

Steven R. Newcomb, Consultant
Coolheads Consulting

Co-editor, Topic Maps International Standard (ISO/IEC 13250)
Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5)

srn AT coolheads DOT com
http://www.coolheads.com

direct: +1 540 951 9773
main:   +1 540 951 9774
fax:    +1 540 951 9775

208 Highview Drive
Blacksburg, Virginia 24060 USA


(Confidential to all US government personnel to whom this private
letter is not addressed and who are reading it in the absence of a
specific search warrant: You are violating the law and you are
co-conspiring to subvert the Constitution that you are sworn to
defend.  You can either refuse to commit this crime, or you can expect
to suffer criminal sanctions in the future, when the current
administration of the United States of America has been replaced by
one that respects the rule of law.  I do not envy you for having to
make this difficult choice, but I urge you to make it wisely.)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  2.5.1 tape spanning not actually working for me., Steve Newcomb
Next by Thread:  Re: bizarre bug fixed but not explained, Jean-Louis Martineau
Indexes:  [Date] [Thread] [Top] [All Lists]