Jean-Francois Malouin wrote:
* Jean-Louis Martineau <martineau AT zmanda DOT com> [20081104 13:46]:
Jean-Francois Malouin wrote:
Is this a new feature? I've done restore as root in the past I'm sure
and never seen this before. Have been living blind all this time? :)
So I guess I was lucky enough to do the amfetchdump in a dir owned by
amanda and then it could recreate the dir structure and file
ownerships...
Maybe you were using amrestore? It doesn't need amanda privilege.
I've used both for testing purposes before.
I've just finished a new restore test on a new piece of hardware:
# su amanda -c "/opt/amanda/sbin/amfetchdump -b 2048k -p -d
tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf -"
You've put the quotes too far. Put them only around the amfetchdump
command, and pipe the result to tar, which still has root priviliges
then:
su amanda -c "/opt/amanda/sbin/amfetchdump -b 2048k -p -d
tape:/dev/nst0 top gustav /raid/ipl 20081104" | tar -xpGf -
completes ok, looks good, the dle was successfully restored but tar
didn't restore the original ownerships of the dirs and files, they all
belong to user 'amanda' and group 'disk', its primary group, as I was
suspicious it would do in the first place, but I wanted to be 100%
sure before posting.
Tar needs root privileges indeed to restore ownership.
But amfetchdump needs to run as amanda.
There could maybe a case for allowing to run as root, but that
would open a whole lot of other problems, e.g. the debug directories
like /tmp/amanda etc would be created with root ownership. That
would give trouble for the next command, run as amanda, which would
get permission to add its debug files to that directory.
Besides, in general, it is safer and giving less chance to hit security
problems when not running programs as root unless strictly necessary.
| 