On 2007-07-02 17:12, Mark Scheufele wrote:
> Hi,
>
> in our amanda setup there are no other clients than the backup server
> itself. The amanda software was compiled with the
> options--with-user=amanda --with-owner=amanda --with-group=sys so that
> all services do run under a separate amanda user.
Good.
>
> To be able to read all files within the local filesystems I have set the
> parameter dumpuser to "root" in the amanda.conf file. Backups are now
> running fine. But I am running into permission problems with amrecover.
Bad. Amanda already runs the real backup program (gnutar) with
a setuid-root program, ("runtar" -- look in libexec) , giving it all
the permissions needed. For dump all that is needed is that the amanda
has read-access to the disk-groups. There are other programs needing a
setuid-flag on the executable as well.
It could be that while installing, you did not do "make install" as the
root user, thereby losing the setuid-bit on many programs that need it.
Another frequent error is that you have the setuid-programs on a
partition that is mounted with the "nosuid" option.
>
> The problem is that all files under etc/<config>/index and all log.*
> files under etc/<config> are all assigned to the root user. The amindexd
> yet runs under the amanda user and therefore isn't able to read those
> files properly.
Revert to user "amanda", and "chown -R amanda" all the index, and log
files. Then at least, amrecover works again.
>
> To fix the problem I was thinking about recompiling amanda to run all
> services completely under the uid root to avoid the permission problems.
>
> But maybe there is a better way to accomplish my goal. It would be great
> if someone could point me into the right direction.
No, better find out why the setuid bit was not working for your
installation.
--
Paul Bijnens, xplanation Technology Services Tel +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM Fax +32 16 397.512
http://www.xplanation.com/ email: Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out *
***********************************************************************
|