>I have just inherited a system running Amanda. I have performed a few
>test restores and it appears that the system is only backing up files
>which are world readable.
What??? You're actually testing??? :-)
>I watched it perform a backup and it appears that it is using 'dumper' to
>dump all information. This program is running as the user 'backup'. My
>guess is there should be a SUID program which is calling dumper, or dumper
>itself might need to be SUID w/group perms of backup.
Here's the big picture. Dumper runs on your "server" and reaches out to
the "clients" to back them up. Dumper is not doing the actual dumps.
That's done by amandad->sendbackup->{dump or GNU tar} on the client.
Dumper just collects the resulting image and either puts it in your
holding disk or sends it to taper.
Dumper actually is setuid, but it only needs it briefly at startup to
get a privileged port.
Since you are backing up some files, that implies you are using GNU tar
rather than a system dump program (the advice from Josh and Joi would
only apply to dump). When Amanda runs GNU tar, it does it via a setuid
wrapper in .../libexec/runtar (wherever Amanda is installed) for the
very reasons you brought up. My guess is you've lost the setuid bit
(or owner) on this.
Just in case (and since nobody has asked for a few days :-), here is
the list of what must be setuid in the Amanda installation area:
-rwsr-x--- 1 root backup 244676 Nov 3 14:41 libexec/calcsize
-rwsr-x--- 1 root backup 803996 Nov 3 15:17 libexec/dumper
-rwsr-x--- 1 root backup 233356 Nov 3 14:41 libexec/killpgrp
-rwsr-x--- 1 root backup 944400 Nov 3 15:17 libexec/planner
-rwsr-x--- 1 root backup 231064 Nov 3 14:41 libexec/rundump
-rwsr-x--- 1 root backup 231900 Nov 3 14:41 libexec/runtar
-rwsr-x--- 1 root backup 953364 Nov 3 15:18 sbin/amcheck
>matt
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
