
Re: amrestore: NAK: user root from localhost is not allowed to execute the service amindexd

2009-03-01 21:31:26
Subject: Re: amrestore: NAK: user root from localhost is not allowed to execute the service amindexd
From: John Hein <jhein AT timing DOT com>
To: Charles Curley <charlescurley AT charlescurley DOT com>
Date: Sun, 1 Mar 2009 19:28:32 -0700
Charles Curley wrote at 18:54 -0700 on Mar  1, 2009:
 > On Sun, Mar 01, 2009 at 05:49:20PM -0700, John Hein wrote:
 > > man amrecover (see -s & -t).  I don't know if there is a run-time
 > > configuration option for these (I didn't see one after a quick read
 > > of the man pages) - if so, -o would be of no help.
 > Those set the index and tape servers, respectively. Supposedly, you
 > can also do that with environmental variables. I tried environmental
 > variables, and they didn't work.

Indeed, and the code seems to agree with the man page...

recover-src/amrecover.c:        server_name = getenv("AMANDA_SERVER");
recover-src/amrecover.c:        tape_server_name = getenv("AMANDA_TAPE_SERVER");

I believe it has worked for me in the past.

 > I mean that amrecover should work on the client.

Yes, it does work on the client.

 > > If you are asking if most people configure amanda that way, I'd say
 > > probably not, but who knows - I can say that I don't.  If you want,
 > > you can take it up with the debian/ubuntu packager.  FWIW, the default
 > > in the configure script if you don't specify --with-index-server is
 > > `uname -n`.
 > Which in a precompiled package would give you the host name of the
 > build machine, rather useless for the rest of the universe.

Which is perhaps why they might override that with 'localhost'.  If I
were the packager, I'd probably pick some host name that you could
define as a good CNAME (or additional A record) in DNS, like 'backup',
but there's a risk of picking something that will clash for someone
out there.
Having it overridable in amanda.conf would be good for this
issue.  If it really is not, then it might make a simple project
for someone.

 > How about having it call the OS to enquire, and providing an option
 > to override?  But that has its own security problems.

Inquire what?  DNS?  Some LDAP map?  I think -s & -t should work as
a way to override - not sure why they didn't for you.  I don't
see a security issue since the server can decide which client
hosts to allow (except perhaps for spoofing issues, but if
you have problems with that, amanda may be the least of
your worries).
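Added illustration (not part of the original thread, and not Amanda's own code): a small POSIX shell function that mirrors the override chain discussed above, taking the index and tape server from -s/-t first, then from the AMANDA_SERVER / AMANDA_TAPE_SERVER variables the two getenv() lines read, and finally from a compiled-in default standing in for --with-index-server. The precedence order and the fallback of the tape server to the index server are assumptions made for the example; resolve_servers and COMPILED_IN_INDEX_SERVER are names invented here.

```shell
#!/bin/sh
# Constructed example, not Amanda's code. Assumed precedence:
#   command-line option  >  environment variable  >  compiled-in default
# and, when nothing names a tape server, it falls back to the index server.

# Stand-in for the configure-time --with-index-server value
# (`uname -n` unless the packager overrides it, e.g. with "localhost").
COMPILED_IN_INDEX_SERVER="${COMPILED_IN_INDEX_SERVER:-$(uname -n)}"

# resolve_servers [-s index_server] [-t tape_server]
# Prints one line: "<index_server> <tape_server> <index_source> <tape_source>"
# so you can see not just which host was chosen but where it came from.
resolve_servers() {
    idx="" tape="" idx_src="" tape_src=""
    OPTIND=1
    while getopts "s:t:" opt "$@"; do
        case "$opt" in
            s) idx="$OPTARG"; idx_src="option" ;;
            t) tape="$OPTARG"; tape_src="option" ;;
            *) return 2 ;;
        esac
    done

    # Index server: option, then AMANDA_SERVER, then compiled-in default.
    if [ -z "$idx" ] && [ -n "${AMANDA_SERVER:-}" ]; then
        idx="$AMANDA_SERVER"; idx_src="env"
    fi
    if [ -z "$idx" ]; then
        idx="$COMPILED_IN_INDEX_SERVER"; idx_src="default"
    fi

    # Tape server: option, then AMANDA_TAPE_SERVER, then the index server.
    if [ -z "$tape" ] && [ -n "${AMANDA_TAPE_SERVER:-}" ]; then
        tape="$AMANDA_TAPE_SERVER"; tape_src="env"
    fi
    if [ -z "$tape" ]; then
        tape="$idx"; tape_src="index-server"
    fi

    printf '%s %s %s %s\n' "$idx" "$tape" "$idx_src" "$tape_src"
}

# Stand-alone usage: ./resolve.sh -s backup.example.org -t tape.example.org
resolve_servers "$@"
```

When chasing a NAK like the one in the subject line, the fourth and third fields tell you whether the client ended up at the packager's default, at an environment variable you thought was unset, or at the host you passed explicitly; that is the first thing to confirm before changing which client hosts the server allows.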