On Sat, May 25, 2019 at 17:43:15 -0400, Gene Heskett wrote:
> On Saturday 25 May 2019 03:25:22 pm Nathan Stratton Treadway wrote:
> > On Sat, May 25, 2019 at 06:38:28 -0400, Gene Heskett wrote:
> > > Amanda Backup Client Hosts Check
> > > --------------------------------
> > > ERROR: coyote: selfcheck request failed:
> > > file/dir '/usr/local/etc/amanda-security.conf'
> > > (/usr/local/etc/amanda-security.conf) is not owned by root
> > > ERROR: shop: selfcheck request failed:
> > > file/dir '/usr/local/etc/amanda-security.conf'
> > > (/usr/local/etc/amanda-security.conf) is not owned by root
> >
> > I'm not immediately finding the discussion in the archives, but if I
> > remember correctly from some earlier discussion on this topic, the
> > confusing thing about this message is that it's run once per client
> > machine, but it's actually checking the amanda-security.conf file on
> > the server.
> >
> I don't think so, as earlier today I was getting rid of some of the error
> messages by editing the client files. But 2 clients didn't even have it,
> so you could well be right. And there are 2 copies on this, the server.
> May or may not be identical. So I just nuked the one not named.
>
> > In any case, what does
> >   # ls -l /usr/local/etc/amanda-security.conf
> > (on your server) show?
> rw-r--r-- 1 gene staff 1986 Oct 31 2018 /usr/local/etc/amanda-security.conf
>
> And it's 100% comments. What is it supposed to contain? If the comments
> are correct, I expect I can fix it.

On Sat, May 25, 2019 at 17:48:37 -0400, Gene Heskett wrote:
> On Saturday 25 May 2019 03:52:07 pm Nathan Stratton Treadway wrote:
> > Hmm... did you change the --with-security-file setting in your gh.cf
> > script recently?
> >
> > (In the version you posted to the list on 5 Apr 2019, you had
> > "--with-security-file=/etc/amanda-security.conf", which doesn't match
> > the path in the error messages -- so if you did not change that line
> > since then, there's something weird going on that will need to be
> > tracked down....)
> >
> That line has been:
>         --with-bsdtcp-security \
>         --with-amandahosts \
> for a decade or more
>
> > Nathan
> The whole thing:
> #!/bin/sh
> # since I'm always forgetting to su amanda...
> if [ `whoami` != 'amanda' ]; then
>         echo
>         echo "!!!!!!!!!!!!!!!!!! Warning !!!!!!!!!!!!!!!!!!!"
>         echo "Amanda needs to be configured and built by the"
>         echo "user amanda, but must be installed by user root."
>         echo
>         exit 1
> fi
> make clean
> rm -f config.status config.cache
> ./configure --with-user=amanda \
>         --with-group=disk \
>         --with-owner=amanda \
>         --with-gnu-ld \
>         --prefix=/usr/local/ \
>         --with-debugging=/tmp/amanda-dbg/ \
>         --with-tape-server=coyote \
>         --with-bsdtcp-security --with-amandahosts \
>         --with-configdir=/usr/local/etc/amanda \
>         --enable-manpage-build \
>         --with-readline \
>         --with-gnutar=/bin/tar
> echo "sleeping for reading configures warnings"
> echo "a make as amanda will continue after 75 seconds..."
> sleep 75
> make

Well... the version you posted on "Date: Fri, 5 Apr 2019 13:00:36 -0400"
actually has:
====
[...]
        --with-readline \
        --with-gnutar=/bin/tar
        --with-security-file=/etc/amanda-security.conf
echo "sleeping for reading configures warnings"
[....]
====
(which is the line I was referring to)... but I see that the with-gnutar
line is missing the trailing "\" so the with-security-file line would
have been ignored anyway....

As I recall, you added the --with-security-file=/etc/amanda-security.conf
line (and with a correct "\" before it) to your script sometime in the
past couple of years because Amanda 3.4-and-later require that each
directory on the path to that file is owned and writable only by root,
and your existing /usr/local/etc/ path did not meet that requirement.

You can see from the "ls" output that the current amanda-security.conf
file is not owned by root, but the permissions look okay, so I think if
you just do a "chown root /usr/local/etc/amanda-security.conf", you will
resolve the current error from amcheck. (But you may well then get a new
error, about a parent directory in that path...)

The amanda-security.conf file is indeed mostly just comments. Whether you
need to add a line (e.g. tcp_port_range= or udp_port_range=) to the file
depends on what auth types your DLEs use... but the first step is to get
amcheck to accept the permissions on the file-and-parent-path....

                                                Nathan

----------------------------------------------------------------------------
Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
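
Added example, not part of the original message and not Amanda's own code: a POSIX shell check that walks from amanda-security.conf up through each parent directory and reports every component that is not owned by root or is writable by group or other, the requirement described above for Amanda 3.4 and later. The function names, the optional uid and stop-directory arguments, the file name check.sh, and the reading of "writable only by root" as "no group/other write bit" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Amanda's code): audit a file and each parent directory
# for "owned by root, not writable by group or other".

# check_one PATH [UID]: succeed if PATH is owned by UID (default 0, root) and
# has no group/other write bit; otherwise print the reason and return 1.
check_one() {
    path=$1 want_uid=${2:-0}
    # -d: list the directory itself, -n: numeric uid, -L: follow symlinks
    line=$(ls -ldnL -- "$path" 2>/dev/null) || { echo "MISSING $path"; return 1; }
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    [ "$uid" = "$want_uid" ] || { echo "OWNER $path: uid $uid, want $want_uid"; rc=1; }
    case $mode in
        # character 6 is the group write bit, character 9 the other write bit
        ?????w*|????????w*) echo "WRITABLE $path: mode $mode"; rc=1 ;;
    esac
    return $rc
}

# check_chain FILE [UID] [STOP]: run check_one on FILE and on every parent
# directory up to STOP (default /). STOP is an assumption of this example so
# a subtree can be audited; returns 0 only if every component passes.
check_chain() {
    p=$1 chain_uid=${2:-0} stop=${3:-/}
    case $p in /*) ;; *) echo "need an absolute path: $p"; return 2 ;; esac
    bad=0
    while :; do
        check_one "$p" "$chain_uid" || bad=1
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname -- "$p")
    done
    return $bad
}

# Usage (check.sh is a hypothetical file name):
#   sh check.sh /usr/local/etc/amanda-security.conf
if [ $# -gt 0 ]; then check_chain "$@"; fi
```

Run as any user on the server; each OWNER or WRITABLE line names a component that would need a chown or chmod before amcheck accepts the path.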