On Thu, May 20, 2004 at 04:47:32PM -0400, Gene Heskett wrote: > On Thursday 20 May 2004 14:10, Steven Schoch wrote: > > The client (named "marge") is > > running FreeBSD 4.7, running amanda 2.4.4p2 compiled from source > > > >./configure --without-server --with-group=amanda --with-user=amanda > >--with-amandahosts > > This is the wrong group
Agreed. For our FreeBSD systems it's group "operator". > the group may be bin, backup or disk, but it > should have essentially root rights to the system. I strongly disagree! Maybe "backup" or "disk", depending on the box, but NOT "bin" (I posted on this a couple of days ago), and NOT "essentially root rights". The only special privilege the Amanda client needs is to read data off the disks. Precisely what privilege that consists of depends on the circumstances: - For gtar, you need root. More specifically, gtar itself needs root, but the rest of the Amanda process tree doesn't. Amanda provides the runtar wrapper program, which is installed setuid root, to give gtar the privilege it needs. Thus, Amanda can run under any user+group combination at all. Safety suggests creating a user and group specifically for Amanda, especially because that's the best way to keep ordinary users from being able to use runtar for their own nefarious purposes (this works because runtar is installed as: -rwsr-x--- 1 root XXX 36615 Jun 25 2003 runtar where XXX is the group specified to "--with-group", i.e. without world execute permission). On the system where we use gtar, I made the obvious choice: "--with-group=amanda". - On some systems, dump (or the local equivalent -- ufsdump, vfxdump, or whatever) also needs root. But again, Amanda provides a setuid-root wrapper, rundump, to accomplish that, so all of the above applies to this case too. (rundump is only installed on systems whose dump requires it, or you can force the issue by passing "--with-rundump" to configure.) - On other systems, including FreeBSD, all dump needs is read (but NOT write) permission on the disk-device special files. One of these, chosen at random from one of our FreeBSD boxen, looks like this: crw-r----- 2 root operator 116, 27 Apr 28 2003 /dev/rad3d Thus, building Amanda with "--with-group=operator" is all that's needed. On this box, the "operator" group doesn't have access to very much else at all. If it had, I'd probably have created a new group for Amanda and chgrp'ed the special files in question. On our Solaris boxes, the group with read-only access to the disk special files is "sys". So that's what I built Amanda with for Solaris. To be honest, I no longer remember whether either Solaris or FreeBSD sets up disk-device special files this way "out of the box", or whether I did it myself. > A gid <=10 is > desireable. This doesn't seem relevent one way or the other. No gid's have any special privilege as far as the kernel is concerned. (And even for uid's, <=10 has no significance -- only ==0 is magic.) -- | | /\ |-_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED] | | / It must be said that they would have sounded better if the singer wouldn't throw his fellow band members to the ground and toss the drum kit around during songs. - Patrick Lenneau