amanda 3.3.3

upen upendra.gandhi at gmail.com
Thu Nov 14 18:42:34 CET 2013 

Hi Dago,

> Short anwer: all new packages look in /etc/opt/csw as it is more zone-friendly if
> you have a read-only /opt or /opt on NFS. Usually there is a migration script
> that copies the data from /opt/csw/etc to /etc/opt/csw. This way probably missed
> for amanda. Just move over the config files and you should be fine.

Thank you, I will move over the amanda configuration. I also just
noticed using amadmin that CONFIG_DIR was set to /etc/opt/csw, so I
have to move it.

By the way, after moving the configuration, I saw amcheck failed with
'permission denied'. This looked likeissue with permissions on the
amcheck binary.

Iamroot#su - amanda -c "/opt/csw/sbin/amcheck -a monthlyfull"
Amanda Backup Client Hosts Check
--------------------------------
WARNING: client: selfcheck request failed: Permission denied
Client check: 1 host checked in 10.023 seconds.  1 problem found.

Debug log for amcheck:
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
Skip port 513: owned by login.
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
Skip port 514: owned by shell.
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
Skip port 515: owned by printer.
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: make_socket
opening socket with family 2
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
Try  port 516: available - Permission denied
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: stream_client:
Could not bind to port in range 512-1023.
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
security_seterror(handle=55d50, driver=ff17c360 (BSDTCP)
error=Permission denied)
Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
security_close(handle=55d50, driver=ff17c360 (BSDTCP))


The permissions on the below binaries are not  set-uid root.
bash-3.00# ls -al /opt/csw/sbin/am*
-rwxr-xr-x   1 root     bin        15399 Apr 24  2013 /opt/csw/sbin/amaddclient
-rwxr-xr-x   1 root     bin        53872 Apr 24  2013 /opt/csw/sbin/amadmin
-rwxr-xr-x   1 root     bin         3383 Apr 24  2013 /opt/csw/sbin/amaespipe
-rwxr-xr-x   1 root     bin        15604 Apr 24  2013 /opt/csw/sbin/amarchiver
-rwxr-xr-x   1 root     bin        64132 Apr 24  2013 /opt/csw/sbin/amcheck
-rwxr-xr-x   1 root     bin         1859 Apr 24  2013 /opt/csw/sbin/amcheckdb
-rwxr-xr-x   1 root     bin        14587 Apr 24  2013 /opt/csw/sbin/amcheckdump
-rwxr-xr-x   1 root     bin         6356 Apr 24  2013 /opt/csw/sbin/amcleanup
-rwxr-xr-x   1 root     bin         4254 Apr 24  2013
/opt/csw/sbin/amcleanupdisk
-rwxr-xr-x   1 root     bin         1065 Apr 24  2013 /opt/csw/sbin/amcrypt
-rwxr-xr-x   1 root     bin         3209 Apr 24  2013 /opt/csw/sbin/amcrypt-ossl
-rwxr-xr-x   1 root     bin         6982 Apr 24  2013
/opt/csw/sbin/amcrypt-ossl-asym
-rwxr-xr-x   1 root     bin         4660 Apr 24  2013
/opt/csw/sbin/amcryptsimple
-rwxr-xr-x   1 root     bin         4613 Apr 24  2013 /opt/csw/sbin/amdevcheck
-rwxr-xr-x   1 root     bin        10705 Apr 24  2013 /opt/csw/sbin/amdump
-rwxr-xr-x   1 root     bin         4876 Apr 24  2013
/opt/csw/sbin/amdump_client
-rwxr-xr-x   1 root     bin        27510 Apr 24  2013 /opt/csw/sbin/amfetchdump
-rwxr-xr-x   1 root     bin        27068 Apr 24  2013 /opt/csw/sbin/amflush
-rwxr-xr-x   1 root     bin        12529 Apr 24  2013 /opt/csw/sbin/amgetconf
-rwxr-xr-x   1 root     bin         2741 Apr 24  2013 /opt/csw/sbin/amgpgcrypt
-rwxr-xr-x   1 root     bin        11490 Apr 24  2013 /opt/csw/sbin/amlabel
-rwxr-xr-x   1 root     bin       150028 Apr 24  2013 /opt/csw/sbin/amoldrecover
-rwxr-xr-x   1 root     bin         6576 Apr 24  2013 /opt/csw/sbin/amoverview
-rwxr-xr-x   1 root     bin         6110 Apr 24  2013 /opt/csw/sbin/amplot
-rwxr-xr-x   1 root     bin       138924 Apr 24  2013 /opt/csw/sbin/amrecover
-rwxr-xr-x   1 root     bin        18067 Apr 24  2013 /opt/csw/sbin/amreport
-rwxr-xr-x   1 root     bin        13005 Apr 24  2013 /opt/csw/sbin/amrestore
-rwxr-xr-x   1 root     bin         9120 Apr 24  2013 /opt/csw/sbin/amrmtape
-rwxr-xr-x   1 root     bin        21487 Apr 24  2013
/opt/csw/sbin/amserverconfig
-rwxr-xr-x   1 root     bin        16616 Apr 24  2013 /opt/csw/sbin/amservice
-rwxr-xr-x   1 root     bin        50440 Apr 24  2013 /opt/csw/sbin/amstatus
-rwxr-xr-x   1 root     bin        19936 Apr 24  2013 /opt/csw/sbin/amtape
-rwxr-xr-x   1 root     bin        23098 Apr 24  2013 /opt/csw/sbin/amtapetype
-rwxr-xr-x   1 root     bin         7730 Apr 24  2013 /opt/csw/sbin/amtoc
-rwxr-xr-x   1 root     bin        30300 Apr 24  2013 /opt/csw/sbin/amvault


I changed permissions on amcheck (chmod u+s amcheck) and 'permission
denied' issue was resolved immediately.

Now I am not sure how many of those binaries have to have set-uid
root. I don't have record of permissions for binaries that came with
CSWamanda# 3.1.1. Can someone advice?

Also, I am not sure if this issue happened on my box because I
installed new version just by doing 'pkgutil -u amanda  ' instead of
uninstalling the 3.1.1 and then installing the new version from fresh.
Or those permissions coming straight from the package?

Thank you,
Upen

More information about the users mailing list