On Tuesday 15 October 2002 05:47, Joshua Baker-LePain wrote: >On Mon, 14 Oct 2002 at 5:08pm, Gene Heskett wrote > >> On Monday 14 October 2002 11:38, Anthony Valentine wrote: >> >Would it look in /home/backup if Amanda were compiled with >> > 'backup' as the amanda user? >> >> It sure would, but thats not how we are instructed to build >> amanda. Amanda should be configured and built as user amanda, >> and amanda (the user) should be made a member of the group >> backup or disk. > >Actually (sorry Gene) the name of the amanda user is really > irrelevant, and there's no issues with it being the same as the > group. So having amanda run as backup:backup is fine. > >> Amanda should be installed from user root, but thats the only >> time non-amanda permissions are required. Running as user >> amanda, she will do her own suid root when she needs to. > >Yep.
My nit to pick with that even if it works ok, is that the user 'backup' normally has much higher permission levels than amanda would have. As to whether or not this would get in the way of amanda's suid operations I haven't actually tested. Thats as much why I recommend amanda be itself as a user, and a member of either group disk or group backup. Its not carved in very hard stone, but rather as one method that demonstratably works. As most of us know, amanda will not run if launched by root. And configuring & building her while being root is one of the more common mistakes folks make. Security-wise a hacker named backup can do a lot more damage than the lowly, virtually no permissions user named amanda. That point should be thought about, very carefully in a business environment in particular. However, I just checked, and I have no group named backup on this RedHat 7.3 system. So unless one sets up a group named backup, and makes it a member of group root, then there is no problem *on this system*. But I have seen systems with a group named backup that had root permissions in past times. -- Cheers, Gene AMD K6-III@500mhz 320M Athlon1600XP@1400mhz 512M 99.18% setiathome rank, not too shabby for a WV hillbilly
