HI again Yes my disk are writable by disk group ls -al /dev/nst0 crw-rw---- 1 root disk 9, 128 30 2004 nst0
Cheers Chuck On Mon, 2005-04-18 at 11:51 -0400, Jon LaBadie wrote: > On Mon, Apr 18, 2005 at 04:17:16PM +0100, Chuck Amadi wrote: > > Hi reinstalled amanda as Root make distclean > > As amanda ./configure --( My preferences) > > As amanada make > > As Root make install > > > > Thus checked /local/sw/amanda/bckup/sbin/amcheck ls -al command the > > output as below: > > > > -rwsr-x--- 1 root disk 86322 Apr 18 16:03 amcheck > > > > But when I run the following amcheck command > > > > myserver:/local/sw/amanda/bckup/sbin # su amanda -c > > "/local/sw/amanda/bckup/sbin/amcheck" > > zsh: permission denied: /local/sw/amanda/bckup/sbin/amcheck > > myservefr:/local/sw/amanda/bckup/sbin # > > > > Im going a bit crazy Now! as I assume the sticky bit would sort out the > > permission issue. > > > For some things amanda absolutely needs root privileges. > But there is a principle which amanda trys to adhere to > of "least privileges for the task". So although the binary > amcheck is now properly owned by root, properly setuid'ed, > and probably properly group owned by disk, for some tasks > amcheck may create child processes that lack root privilege. > > One of those I think is disk (if using dump rather than tar) > and tape access. It may be necessary to check the permissions > on your devices to ensure they are group "disk" readable and > for the tape, writable. > > > As to executing amcheck, note that the owner root can execute it, > members of group disk can execute it, but the rest of the world > can not. Were you root when you executed it, no you were amanda. > So you the user had to be a member of group disk to execute it. > What group(s) does user 'amanda' have rights to? Did you get them > after doing the 'su' command? The cmd 'id' will tell you the latter. > > -- Unix/ Linux Systems Administrator The Surgical Material Testing Laboratory (SMTL), Princess of Wales Hospital Coity Road Bridgend, United Kingdom, CF31 1RQ. Tel: +44 1656 752820 Fax: +44 1656 752830