On Tue, 14 Mar 2006, Stefan G. Weichinger wrote:

Mitch Collinsworth schrieb:

On Tue, 14 Mar 2006, Jon LaBadie wrote:
IIRC amcheck does NOT run some of its checks as root.
Thus if the amanda user running amcheck can not visit
/mnt/data06/Deforest3 and needed directories below that,
it could cause errors like that above when amcheck looked
for files.

It's worse than that.  Include processing is performed before setuid
root mode is started.  selfcheck, sendsize, and sendbackup all fail
to include directories that the amanda user can't read.  You just
lose and the directories don't get backed up.  Makes it hard to
provide a backup service for machines that aren't centrally managed,
which is more and more the way the world (for some of us) is going.

Sounds BAD.

I'd like to know more on that ... is this a major issue for Amanda in
general ... do we have to do major patches ... what can we do ...

It's BAD for those of us who are trying to offer backups for machines
that aren't centrally managed.  It was discussed a bit on -hackers in
2004 - April and again in July.  Solutions were suggested but never
agreed upon.  One was to add another setuid to perform include
parsing.  Another was to add include parsing to gnutar.


Amanda 2.5.0 is near and I would really prefer to get it out without
major problems in its source code.

I haven't looked at 2.5.0 code to see if it's fixed there or not.

-Mitch

Reply via email to