Re: Amanda must be run as user amandabackup when using bsdtcp authentication
2009-05-19 15:37:56
At 3:01 PM +0200 5/19/09, Abilio Carvalho wrote:
owner is amandabackup:disk
I can log in to the account just fine, I don't think any more logging
is possible though I'll check. I checked the manifest for the service
and it confirms that it is SUPPOSED to start as amandabackup.
If I do what you say, and log into amandabackup and run that, I get
the following on /tmp/amanda/amandad/amandad.TIMESTAMP.debug:
1242737635.958239: amandad: pid 9504 ruid 6028 euid 6028 version
2.6.1: start at Tue May 19 14:53:55 2009
1242737635.989035: amandad: security_getdriver(name=bsdtcp) returns
ff31c788
1242737635.992943: amandad: version 2.6.1
1242737635.992955: amandad: build: VERSION="Amanda-2.6.1"
1242737635.992961: amandad: BUILT_DATE="Mon May 18 12:33:06
CEST 2009"
1242737635.992967: amandad: BUILT_MACH="sparc-sun-
solaris2.10" BUILT_REV="1609"
1242737635.992973: amandad: BUILT_BRANCH="amanda-261" CC="/
opt/SUNWspro/bin/cc"
1242737635.992979: amandad: paths: bindir="/bin" sbindir="/sbin"
libexecdir="/libexec"
1242737635.992984: amandad: amlibexecdir="/libexec/amanda"
mandir="/share/man"
1242737635.992990: amandad: AMANDA_TMPDIR="/tmp/amanda"
AMANDA_DBGDIR="/tmp/amanda"
1242737635.992995: amandad: CONFIG_DIR="/etc/amanda"
DEV_PREFIX="/dev/dsk/"
1242737635.993000: amandad: RDEV_PREFIX="/dev/rdsk/" DUMP="/
usr/sbin/ufsdump"
1242737635.993005: amandad: RESTORE="/usr/sbin/ufsrestore"
VDUMP=UNDEF VRESTORE=UNDEF
1242737635.993011: amandad: XFSDUMP=UNDEF XFSRESTORE=UNDEF
VXDUMP=UNDEF VXRESTORE=UNDEF
1242737635.993016: amandad: SAMBA_CLIENT="/usr/sfw/bin/
smbclient"
1242737635.993021: amandad: GNUTAR="/usr/sfw/bin/gtar"
COMPRESS_PATH="/usr/bin/gzip"
1242737635.993026: amandad: UNCOMPRESS_PATH="/usr/bin/gzip"
LPRCMD="/usr/bin/lp"
1242737635.993032: amandad: MAILER=UNDEF listed_incr_dir="/
var/amanda/gnutar-lists"
1242737635.993037: amandad: defs: DEFAULT_SERVER="galadhrim"
DEFAULT_CONFIG="DailySet1"
1242737635.993042: amandad: DEFAULT_TAPE_SERVER="galadhrim"
DEFAULT_TAPE_DEVICE=""
1242737635.993047: amandad: HAVE_MMAP NEED_STRSTR
HAVE_SYSVSHM AMFLOCK_POSIX AMFLOCK_LOCKF
1242737635.993053: amandad: AMFLOCK_LNLOCK SETPGRP_VOID
AMANDA_DEBUG_DAYS=4 BSD_SECURITY
1242737635.993058: amandad: USE_AMANDAHOSTS
CLIENT_LOGIN="amandabackup" CHECK_USERID
1242737635.993063: amandad: HAVE_GZIP COMPRESS_SUFFIX=".gz"
COMPRESS_FAST_OPT="--fast"
1242737635.993069: amandad: COMPRESS_BEST_OPT="--best"
UNCOMPRESS_OPT="-dc"
1242737635.997381: amandad: getpeername returned: Socket operation on
non-socket
1242737635.997434: amandad: pid 9504 finish time Tue May 19 14:53:55
2009
so it does seem like as inetd problem and not amanda. I just have no
clue as to how that's possible
These are my instructs (to myself) for Linux machines -- but they may spark
a thought in your situation:
the client needs lines like this
add these lines to /etc/services
amanda 10080/udp # Dump server control
amidxtape 10083/tcp # Amanda tape indexing
amandaidx 10082/tcp # Amanda recovery program
add these lines to /etc/inetd.conf and then kill -HUP inetd process
(2 lines --- mine may wrap)
amanda dgram udp wait amandabackup /usr/local/libexec/amanda/amandad amandad
amidxtape stream tcp nowait amandabackup
/usr/local/libexec/amanda/amidxtaped amidxtaped
On May 19, 2009, at 2:45 PM, Jean-Louis Martineau wrote:
Who is the owner of /tmp/amanda/amandad/amandad.20090519111556.debug
Can you use the amandabackup account? Can you log to that account?
Can you enabled more logging in inetd? It is an inetd
misconfiguration if amandad is run as root.
Log as amandabackup and run '/libexec/amanda/amandad -auth=bsdtcp
> amdump'
Jean-Louis
Abilio Carvalho wrote:
follow-up:
I was wrong, it wasn't syslog, it was messages. There I now see a
couple lines like:
May 19 13:58:23 galadhrim inetd[24015]: [ID 317013 daemon.notice]
amanda[27116] from 172.22.0.23 44223
May 19 13:58:31 galadhrim inetd[24015]: [ID 317013 daemon.notice]
amanda[27214] from 172.22.0.23 703
May 19 13:59:12 galadhrim inetd[24015]: [ID 317013 daemon.notice]
amanda[27619] from 172.22.0.23 703
On May 19, 2009, at 1:37 PM, Jean-Louis Martineau wrote:
Abilio Carvalho wrote:
the log directory on the client only has the following:
root@BACKUPCLIENT:/tmp/amanda/amandad# cat amandad.
20090519111556.debug
1242724556.328466: amandad: pid 18933 ruid 0 euid 0 version
2.6.1: start at Tue May 19 11:15:56 2009
ruid 0 euid 0
That's root user
Do you have an amandabackup user on the client
Check inet log
Jean-Louis
1242724556.339271: amandad: security_getdriver(name=bsdtcp)
returns ff31c788
1242724556.339369: amandad: critical (fatal): Amanda must be run
as user 'amandabackup' when using 'bsdtcp' authentication
I can't even see what user it's TRYING to use, only that it
should be running as amandabackup. All relevant config files
tell me that it IS. Any way to get more descriptive logs? I
tried debug_amandad on the amanda-client.conf, but that had no
effect
please help
Abilio
-----------------------------------------------------------------------------------
This e-mail is strictly confidential and may be privileged.
It is intended solely for the addressee. If you are not the
intended
recipient, any copying, distribution or any other use of this
message
is prohibited and may be unlawful. In such case, please notify the
sender Immediately and destroy this e-mail.
------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
This e-mail is strictly confidential and may be privileged.
It is intended solely for the addressee. If you are not the intended
recipient, any copying, distribution or any other use of this message
is prohibited and may be unlawful. In such case, please notify the
sender Immediately and destroy this e-mail.
------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
This e-mail is strictly confidential and may be privileged.
It is intended solely for the addressee. If you are not the intended
recipient, any copying, distribution or any other use of this message
is prohibited and may be unlawful. In such case, please notify the
sender Immediately and destroy this e-mail.
------------------------------------------------------------------------------------
|
|
|