amanda 3.3.3
Dagobert Michelsen
dam at opencsw.org
Thu Nov 14 18:46:50 CET 2013
Hi Upen,
Am 14.11.2013 um 18:42 schrieb upen:
> By the way, after moving the configuration, I saw amcheck failed with
> 'permission denied'. This looked likeissue with permissions on the
> amcheck binary.
>
> Iamroot#su - amanda -c "/opt/csw/sbin/amcheck -a monthlyfull"
> Amanda Backup Client Hosts Check
> --------------------------------
> WARNING: client: selfcheck request failed: Permission denied
> Client check: 1 host checked in 10.023 seconds. 1 problem found.
>
> Debug log for amcheck:
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 513: owned by login.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 514: owned by shell.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Skip port 515: owned by printer.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: make_socket
> opening socket with family 2
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: connect_port:
> Try port 516: available - Permission denied
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients: stream_client:
> Could not bind to port in range 512-1023.
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_seterror(handle=55d50, driver=ff17c360 (BSDTCP)
> error=Permission denied)
> Thu Nov 14 11:13:19 2013: thd-34400: amcheck-clients:
> security_close(handle=55d50, driver=ff17c360 (BSDTCP))
>
> The permissions on the below binaries are not set-uid root.
> bash-3.00# ls -al /opt/csw/sbin/am*
> -rwxr-xr-x 1 root bin 15399 Apr 24 2013 /opt/csw/sbin/amaddclient
> -rwxr-xr-x 1 root bin 53872 Apr 24 2013 /opt/csw/sbin/amadmin
> -rwxr-xr-x 1 root bin 3383 Apr 24 2013 /opt/csw/sbin/amaespipe
> -rwxr-xr-x 1 root bin 15604 Apr 24 2013 /opt/csw/sbin/amarchiver
> -rwxr-xr-x 1 root bin 64132 Apr 24 2013 /opt/csw/sbin/amcheck
> -rwxr-xr-x 1 root bin 1859 Apr 24 2013 /opt/csw/sbin/amcheckdb
> -rwxr-xr-x 1 root bin 14587 Apr 24 2013 /opt/csw/sbin/amcheckdump
> -rwxr-xr-x 1 root bin 6356 Apr 24 2013 /opt/csw/sbin/amcleanup
> -rwxr-xr-x 1 root bin 4254 Apr 24 2013
> /opt/csw/sbin/amcleanupdisk
> -rwxr-xr-x 1 root bin 1065 Apr 24 2013 /opt/csw/sbin/amcrypt
> -rwxr-xr-x 1 root bin 3209 Apr 24 2013 /opt/csw/sbin/amcrypt-ossl
> -rwxr-xr-x 1 root bin 6982 Apr 24 2013
> /opt/csw/sbin/amcrypt-ossl-asym
> -rwxr-xr-x 1 root bin 4660 Apr 24 2013
> /opt/csw/sbin/amcryptsimple
> -rwxr-xr-x 1 root bin 4613 Apr 24 2013 /opt/csw/sbin/amdevcheck
> -rwxr-xr-x 1 root bin 10705 Apr 24 2013 /opt/csw/sbin/amdump
> -rwxr-xr-x 1 root bin 4876 Apr 24 2013
> /opt/csw/sbin/amdump_client
> -rwxr-xr-x 1 root bin 27510 Apr 24 2013 /opt/csw/sbin/amfetchdump
> -rwxr-xr-x 1 root bin 27068 Apr 24 2013 /opt/csw/sbin/amflush
> -rwxr-xr-x 1 root bin 12529 Apr 24 2013 /opt/csw/sbin/amgetconf
> -rwxr-xr-x 1 root bin 2741 Apr 24 2013 /opt/csw/sbin/amgpgcrypt
> -rwxr-xr-x 1 root bin 11490 Apr 24 2013 /opt/csw/sbin/amlabel
> -rwxr-xr-x 1 root bin 150028 Apr 24 2013 /opt/csw/sbin/amoldrecover
> -rwxr-xr-x 1 root bin 6576 Apr 24 2013 /opt/csw/sbin/amoverview
> -rwxr-xr-x 1 root bin 6110 Apr 24 2013 /opt/csw/sbin/amplot
> -rwxr-xr-x 1 root bin 138924 Apr 24 2013 /opt/csw/sbin/amrecover
> -rwxr-xr-x 1 root bin 18067 Apr 24 2013 /opt/csw/sbin/amreport
> -rwxr-xr-x 1 root bin 13005 Apr 24 2013 /opt/csw/sbin/amrestore
> -rwxr-xr-x 1 root bin 9120 Apr 24 2013 /opt/csw/sbin/amrmtape
> -rwxr-xr-x 1 root bin 21487 Apr 24 2013
> /opt/csw/sbin/amserverconfig
> -rwxr-xr-x 1 root bin 16616 Apr 24 2013 /opt/csw/sbin/amservice
> -rwxr-xr-x 1 root bin 50440 Apr 24 2013 /opt/csw/sbin/amstatus
> -rwxr-xr-x 1 root bin 19936 Apr 24 2013 /opt/csw/sbin/amtape
> -rwxr-xr-x 1 root bin 23098 Apr 24 2013 /opt/csw/sbin/amtapetype
> -rwxr-xr-x 1 root bin 7730 Apr 24 2013 /opt/csw/sbin/amtoc
> -rwxr-xr-x 1 root bin 30300 Apr 24 2013 /opt/csw/sbin/amvault
>
>
> I changed permissions on amcheck (chmod u+s amcheck) and 'permission
> denied' issue was resolved immediately.
>
> Now I am not sure how many of those binaries have to have set-uid
> root. I don't have record of permissions for binaries that came with
> CSWamanda# 3.1.1. Can someone advice?
I guess this was missed when converting from the legacy package to our new buildsystem:
http://sourceforge.net/apps/trac/gar/browser/csw/mgar/pkg/amanda/trunk/Makefile
(See --disable-installperms) This needs to be converted to permission settings in
the package.
> Also, I am not sure if this issue happened on my box because I
> installed new version just by doing 'pkgutil -u amanda ' instead of
> uninstalling the 3.1.1 and then installing the new version from fresh.
> Or those permissions coming straight from the package?
This is a problem with the package. Would you please open a bug report?
http://www.opencsw.org/packages/amanda/
Best regards
-- Dago
More information about the users
mailing list