Fwd: amanda 3.3.3

Dagobert Michelsen dam at opencsw.org
Thu Nov 14 18:47:46 CET 2013 

Hi,

maybe someone wants to fix the amanda permissions? I may have some time tomorrow, but can't promise.
It also lacks MIGRATE_CONFIG.


Best regards

  -- Dago

Anfang der weitergeleiteten E-Mail:

> Von: upen <upendra.gandhi at gmail.com>
> Datum: 14. November 2013 18:42:34 MEZ
> An: Dagobert Michelsen <dam at opencsw.org>
> Kopie: Questions and discussions <users at lists.opencsw.org>
> Betreff: Re: amanda 3.3.3
> Antwort an: upendra.gandhi at gmail.com
> 
> Hi Dago,
> 
>> Short anwer: all new packages look in /etc/opt/csw as it is more zone-friendly if
>> you have a read-only /opt or /opt on NFS. Usually there is a migration script
>> that copies the data from /opt/csw/etc to /etc/opt/csw. This way probably missed
>> for amanda. Just move over the config files and you should be fine.
> 
> Thank you, I will move over the amanda configuration. I also just
> noticed using amadmin that CONFIG_DIR was set to /etc/opt/csw, so I
> have to move it.
> 
> By the way, after moving the configuration, I saw amcheck failed with
> 'permission denied'. This looked likeissue with permissions on the
> amcheck binary.
> 
> Iamroot#su - amanda -c "/opt/csw/sbin/amcheck -a monthlyfull"
> Amanda Backup Client Hosts Check
> --------------------------------
> WARNING: client: selfcheck request failed: Permission denied
> Client check: 1 host checked in 10.023 seconds.  1 problem found.
> 
> Debug log for amcheck:
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 513: owned by login.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 514: owned by shell.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 515: owned by printer.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: make_socket
> opening socket with family 2
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Try  port 516: available - Permission denied
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: stream_client:
> Could not bind to port in range 512-1023.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_seterror(handle=55d50, driver=ff17c360 (BSDTCP)
> error=Permission denied)
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_close(handle=55d50, driver=ff17c360 (BSDTCP))
> 
> 
> The permissions on the below binaries are not  set-uid root.
> bash-3.00# ls -al /opt/csw/sbin/am*
> -rwxr-xr-x   1 root     bin        15399 Apr 24  2013 /opt/csw/sbin/amaddclient
> -rwxr-xr-x   1 root     bin        53872 Apr 24  2013 /opt/csw/sbin/amadmin
> -rwxr-xr-x   1 root     bin         3383 Apr 24  2013 /opt/csw/sbin/amaespipe
> -rwxr-xr-x   1 root     bin        15604 Apr 24  2013 /opt/csw/sbin/amarchiver
> -rwxr-xr-x   1 root     bin        64132 Apr 24  2013 /opt/csw/sbin/amcheck
> -rwxr-xr-x   1 root     bin         1859 Apr 24  2013 /opt/csw/sbin/amcheckdb
> -rwxr-xr-x   1 root     bin        14587 Apr 24  2013 /opt/csw/sbin/amcheckdump
> -rwxr-xr-x   1 root     bin         6356 Apr 24  2013 /opt/csw/sbin/amcleanup
> -rwxr-xr-x   1 root     bin         4254 Apr 24  2013
> /opt/csw/sbin/amcleanupdisk
> -rwxr-xr-x   1 root     bin         1065 Apr 24  2013 /opt/csw/sbin/amcrypt
> -rwxr-xr-x   1 root     bin         3209 Apr 24  2013 /opt/csw/sbin/amcrypt-ossl
> -rwxr-xr-x   1 root     bin         6982 Apr 24  2013
> /opt/csw/sbin/amcrypt-ossl-asym
> -rwxr-xr-x   1 root     bin         4660 Apr 24  2013
> /opt/csw/sbin/amcryptsimple
> -rwxr-xr-x   1 root     bin         4613 Apr 24  2013 /opt/csw/sbin/amdevcheck
> -rwxr-xr-x   1 root     bin        10705 Apr 24  2013 /opt/csw/sbin/amdump
> -rwxr-xr-x   1 root     bin         4876 Apr 24  2013
> /opt/csw/sbin/amdump_client
> -rwxr-xr-x   1 root     bin        27510 Apr 24  2013 /opt/csw/sbin/amfetchdump
> -rwxr-xr-x   1 root     bin        27068 Apr 24  2013 /opt/csw/sbin/amflush
> -rwxr-xr-x   1 root     bin        12529 Apr 24  2013 /opt/csw/sbin/amgetconf
> -rwxr-xr-x   1 root     bin         2741 Apr 24  2013 /opt/csw/sbin/amgpgcrypt
> -rwxr-xr-x   1 root     bin        11490 Apr 24  2013 /opt/csw/sbin/amlabel
> -rwxr-xr-x   1 root     bin       150028 Apr 24  2013 /opt/csw/sbin/amoldrecover
> -rwxr-xr-x   1 root     bin         6576 Apr 24  2013 /opt/csw/sbin/amoverview
> -rwxr-xr-x   1 root     bin         6110 Apr 24  2013 /opt/csw/sbin/amplot
> -rwxr-xr-x   1 root     bin       138924 Apr 24  2013 /opt/csw/sbin/amrecover
> -rwxr-xr-x   1 root     bin        18067 Apr 24  2013 /opt/csw/sbin/amreport
> -rwxr-xr-x   1 root     bin        13005 Apr 24  2013 /opt/csw/sbin/amrestore
> -rwxr-xr-x   1 root     bin         9120 Apr 24  2013 /opt/csw/sbin/amrmtape
> -rwxr-xr-x   1 root     bin        21487 Apr 24  2013
> /opt/csw/sbin/amserverconfig
> -rwxr-xr-x   1 root     bin        16616 Apr 24  2013 /opt/csw/sbin/amservice
> -rwxr-xr-x   1 root     bin        50440 Apr 24  2013 /opt/csw/sbin/amstatus
> -rwxr-xr-x   1 root     bin        19936 Apr 24  2013 /opt/csw/sbin/amtape
> -rwxr-xr-x   1 root     bin        23098 Apr 24  2013 /opt/csw/sbin/amtapetype
> -rwxr-xr-x   1 root     bin         7730 Apr 24  2013 /opt/csw/sbin/amtoc
> -rwxr-xr-x   1 root     bin        30300 Apr 24  2013 /opt/csw/sbin/amvault
> 
> 
> I changed permissions on amcheck (chmod u+s amcheck) and 'permission
> denied' issue was resolved immediately.
> 
> Now I am not sure how many of those binaries have to have set-uid
> root. I don't have record of permissions for binaries that came with
> CSWamanda# 3.1.1. Can someone advice?
> 
> Also, I am not sure if this issue happened on my box because I
> installed new version just by doing 'pkgutil -u amanda  ' instead of
> uninstalling the 3.1.1 and then installing the new version from fresh.
> Or those permissions coming straight from the package?
> 
> Thank you,
> Upen

More information about the maintainers mailing list