On Mon, Jan 24, 2005 at 03:51:13PM -0500, Gene Heskett wrote: > Now become 'amanda' and do an amcheck, which works just fine. > Back out of that and become 'gene' and the permissions are denied, the > user gene, even though he built it, cannot run it. > [...] > So basicly it has to be run by whomever is set in the configuration, > but not by who built it.
That's my understanding. Kind of makes sense. And it's certainly how the permissions are set up here: -rwsr-x--- 1 root operator 87183 Apr 23 2004 /usr/local/sbin/amcheck (Our Amanda server is a FreeBSD box, on which group "operator" serves the same function as "disk" on your machines.) Amdump insists on being run by the Amanda user too (the file has read and execute permission for everyone, but the script itself checks). > If I were to change that line in the > configuration, then I'd assume gene could run it, but not amanda. I'd imagine so. Of course, amcheck might get some errors, since "gene" isn't in the "disk" group, and (hopefully) doesn't have permission to write index, log, and tapelist files. (If amcheck didn't notice, amdump certainly would...) > I'll leave it this way for now & see how it runs tonight. Cool. I'm looking forward to the results :-) -- | | /\ |-_|/ > Eric Siegerman, Toronto, Ont. [EMAIL PROTECTED] | | / The animal that coils in a circle is the serpent; that's why so many cults and myths of the serpent exist, because it's hard to represent the return of the sun by the coiling of a hippopotamus. - Umberto Eco, "Foucault's Pendulum"