Amanda-Users

Re: Amanda must be run as user amandabackup when using bsdtcp authentication

2009-05-19 15:37:56
Subject: Re: Amanda must be run as user amandabackup when using bsdtcp authentication
From: Deb Baddorf <baddorf AT fnal DOT gov>
To: Abilio Carvalho <abilio.carvalho AT bbp DOT ch>
Date: Tue, 19 May 2009 14:28:16 -0500
At 3:01 PM +0200 5/19/09, Abilio Carvalho wrote:
owner is amandabackup:disk

I can log in to the account just fine, I don't think any more logging is possible though I'll check. I checked the manifest for the service and it confirms that it is SUPPOSED to start as amandabackup.

If I do what you say, and log into amandabackup and run that, I get the following on /tmp/amanda/amandad/amandad.TIMESTAMP.debug:

1242737635.958239: amandad: pid 9504 ruid 6028 euid 6028 version 2.6.1: start at Tue May 19 14:53:55 2009
1242737635.989035: amandad: security_getdriver(name=bsdtcp) returns ff31c788
1242737635.992943: amandad: version 2.6.1
1242737635.992955: amandad:     build: VERSION="Amanda-2.6.1"
1242737635.992961: amandad:            BUILT_DATE="Mon May 18 12:33:06 CEST 2009"
1242737635.992967: amandad:            BUILT_MACH="sparc-sun-solaris2.10" BUILT_REV="1609"
1242737635.992973: amandad:            BUILT_BRANCH="amanda-261" CC="/opt/SUNWspro/bin/cc"
1242737635.992979: amandad:     paths: bindir="/bin" sbindir="/sbin" libexecdir="/libexec"
1242737635.992984: amandad:            amlibexecdir="/libexec/amanda" mandir="/share/man"
1242737635.992990: amandad:            AMANDA_TMPDIR="/tmp/amanda" AMANDA_DBGDIR="/tmp/amanda"
1242737635.992995: amandad:            CONFIG_DIR="/etc/amanda" DEV_PREFIX="/dev/dsk/"
1242737635.993000: amandad:            RDEV_PREFIX="/dev/rdsk/" DUMP="/usr/sbin/ufsdump"
1242737635.993005: amandad:            RESTORE="/usr/sbin/ufsrestore" VDUMP=UNDEF VRESTORE=UNDEF
1242737635.993011: amandad:            XFSDUMP=UNDEF XFSRESTORE=UNDEF VXDUMP=UNDEF VXRESTORE=UNDEF
1242737635.993016: amandad:            SAMBA_CLIENT="/usr/sfw/bin/smbclient"
1242737635.993021: amandad:            GNUTAR="/usr/sfw/bin/gtar" COMPRESS_PATH="/usr/bin/gzip"
1242737635.993026: amandad:            UNCOMPRESS_PATH="/usr/bin/gzip" LPRCMD="/usr/bin/lp"
1242737635.993032: amandad:            MAILER=UNDEF listed_incr_dir="/var/amanda/gnutar-lists"
1242737635.993037: amandad:     defs:  DEFAULT_SERVER="galadhrim" DEFAULT_CONFIG="DailySet1"
1242737635.993042: amandad:            DEFAULT_TAPE_SERVER="galadhrim" DEFAULT_TAPE_DEVICE=""
1242737635.993047: amandad:            HAVE_MMAP NEED_STRSTR HAVE_SYSVSHM AMFLOCK_POSIX AMFLOCK_LOCKF
1242737635.993053: amandad:            AMFLOCK_LNLOCK SETPGRP_VOID AMANDA_DEBUG_DAYS=4 BSD_SECURITY
1242737635.993058: amandad:            USE_AMANDAHOSTS CLIENT_LOGIN="amandabackup" CHECK_USERID
1242737635.993063: amandad:            HAVE_GZIP COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
1242737635.993069: amandad:            COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"
1242737635.997381: amandad: getpeername returned: Socket operation on non-socket
1242737635.997434: amandad: pid 9504 finish time Tue May 19 14:53:55 2009


So it does seem like an inetd problem and not amanda. I just have no clue as to how that's possible.

These are my instructs (to myself)  for Linux machines -- but they may spark
a thought in your situation:
the client needs lines like this

add these lines to /etc/services
amanda 10080/udp # Dump server control
amidxtape 10083/tcp # Amanda tape indexing
amandaidx 10082/tcp # Amanda recovery program

add these lines to   /etc/inetd.conf   and then kill -HUP  inetd process
             (2 lines --- mine may wrap)

amanda dgram udp wait amandabackup  /usr/local/libexec/amanda/amandad amandad
amidxtape stream tcp nowait amandabackup /usr/local/libexec/amanda/amidxtaped amidxtaped




On May 19, 2009, at 2:45 PM, Jean-Louis Martineau wrote:

 Who is the owner of /tmp/amanda/amandad/amandad.20090519111556.debug

 Can you use the amandabackup account? Can you log to that account?
 Can you enable more logging in inetd? It is an inetd misconfiguration if amandad is run as root.

 Log as amandabackup and run '/libexec/amanda/amandad -auth=bsdtcp amdump'

 Jean-Louis

 Abilio Carvalho wrote:
 follow-up:

I was wrong, it wasn't syslog, it was messages. There I now see a couple lines like:

May 19 13:58:23 galadhrim inetd[24015]: [ID 317013 daemon.notice] amanda[27116] from 172.22.0.23 44223
May 19 13:58:31 galadhrim inetd[24015]: [ID 317013 daemon.notice] amanda[27214] from 172.22.0.23 703
May 19 13:59:12 galadhrim inetd[24015]: [ID 317013 daemon.notice] amanda[27619] from 172.22.0.23 703


 On May 19, 2009, at 1:37 PM, Jean-Louis Martineau wrote:


 Abilio Carvalho wrote:

 the log directory on the client only has the following:

root@BACKUPCLIENT:/tmp/amanda/amandad# cat amandad.20090519111556.debug
1242724556.328466: amandad: pid 18933 ruid 0 euid 0 version 2.6.1: start at Tue May 19 11:15:56 2009


 ruid 0 euid 0
 That's root user
 Do you have an amandabackup user on the client
 Check inet log

 Jean-Louis


1242724556.339271: amandad: security_getdriver(name=bsdtcp) returns ff31c788
1242724556.339369: amandad: critical (fatal): Amanda must be run as user 'amandabackup' when using 'bsdtcp' authentication

I can't even see what user it's TRYING to use, only that it should be running as amandabackup. All relevant config files tell me that it IS. Any way to get more descriptive logs? I tried debug_amandad on the amanda-client.conf, but that had no effect

 please help

 Abilio


-----------------------------------------------------------------------------------
 This e-mail is strictly confidential and may be privileged.
It is intended solely for the addressee. If you are not the intended recipient, any copying, distribution or any other use of this message
 is prohibited and may be unlawful. In such case, please notify the
 sender Immediately and destroy this e-mail.

------------------------------------------------------------------------------------
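
Added example, not part of the original messages: a shell sketch of the two checks discussed in this thread, reading the ruid/euid from amandad debug start-up lines and checking the user field of inetd.conf entries for Amanda daemons. It assumes the classic inetd.conf field order shown in the thread and that the caller supplies the expected numeric UID (6028 is the UID the debug log above shows for the manual run); all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
EXPECTED_USER=amandabackup   # CLIENT_LOGIN value shown in the debug log

# stdin: amandad debug log. Prints "pid ruid euid" for each start-up line.
amandad_start_ids() {
    awk '/amandad: pid [0-9]+ ruid [0-9]+ euid [0-9]+/ {
        for (i = 1; i < NF; i++) {
            if ($i == "pid")  pid  = $(i + 1)
            if ($i == "ruid") ruid = $(i + 1)
            if ($i == "euid") euid = $(i + 1)
        }
        print pid, ruid, euid
    }'
}

# stdin: debug log; $1: numeric UID amandad should run as.
# Prints each start-up under another real or effective UID; returns 1 if any.
check_debug_uids() {
    bad=$(amandad_start_ids | awk -v want="$1" '$2 != want || $3 != want {
        print "pid " $1 " ran as ruid=" $2 " euid=" $3 }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# stdin: classic inetd.conf (assumed order: service type proto wait user server args).
# Prints Amanda daemon entries whose user field is not EXPECTED_USER.
inetd_wrong_user() {
    awk -v want="$EXPECTED_USER" '
        /^[ \t]*#/ || NF < 6 { next }
        $6 ~ /\/(amandad|amidxtaped|amindexd)$/ {
            split($5, u, /[.:]/)          # tolerate user.group and user:group
            if (u[1] != want) print $1 ": user=" u[1] " (expected " want ")"
        }'
}

# Two start-up lines and one finish line copied from the thread.
sample_log() {
    cat <<'EOF'
1242724556.328466: amandad: pid 18933 ruid 0 euid 0 version 2.6.1: start at Tue May 19 11:15:56 2009
1242737635.958239: amandad: pid 9504 ruid 6028 euid 6028 version 2.6.1: start at Tue May 19 14:53:55 2009
1242737635.997434: amandad: pid 9504 finish time Tue May 19 14:53:55 2009
EOF
}

# Constructed inetd.conf fragment: the second entry deliberately uses root.
sample_inetd() {
    cat <<'EOF'
amanda dgram udp wait amandabackup /usr/local/libexec/amanda/amandad amandad
amidxtape stream tcp nowait root /usr/local/libexec/amanda/amidxtaped amidxtaped
EOF
}

sample_log | check_debug_uids 6028 || true
sample_inetd | inetd_wrong_user
```

On a real client the expected UID would come from `id -u amandabackup`, and the log input from the files under /tmp/amanda/amandad/.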





