On Sun, May 26, 2019 at 09:24:35 -0400, Gene Heskett wrote: > On Sunday 26 May 2019 04:48:59 am Gene Heskett wrote: > > > On Saturday 25 May 2019 11:46:46 pm Nathan Stratton Treadway wrote: > > > Then, from that checkout directory, run your gh.cf script to kick > > > off the build (first making sure the --with-security-file= line is > > > what you want it to be)... and see what happens.... > > > > My script has never had that line, as its using > > --with-bsd-security --with-amandahosts \ > > and that has worked for around a decade using the repos .deb clients. > > Do I need to change that?
Note that the "--with-XXX-security" options are completely different than the "--with-security-file=<path-to-file>" option. I found the thread where you hit the problem before (of course it was buried under an unrelated Subject line...). Look for the message From: Gene Heskett <ghesk...@shentel.net> To: amanda-users@amanda.org Subject: Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development Date: Thu, 4 Oct 2018 07:11:15 -0400 (currently found in archives at https://www.mail-archive.com/amanda-users@amanda.org/msg49927.html or http://www.backupcentral.com/forum/14/291870/291873/re__zmanda_acquired_from_carbonite_by_betsol_--_future_of_amanda_development#msg-291873 ) Anyway, the point is that last October you definitely changed your gh.cf script to include "--with-security-file=/etc/amanda-security.conf"... [For what it's worth I found several occasions between then and now in which you posted a copies of your gh.cf script to the list, and those copies did include the --with-security-file option. So perhaps you have a different version of your script stashed somewhere else? For example, though the rest of the thread is unrelated to the discussion today, the copy of your script posted in the following message includes not only --with-security-file but also --with-amandates-file added below that (both of which are missing from the version you posted on yesterday): From: Gene Heskett <ghesk...@shentel.net> To: amanda-users@amanda.org Subject: amanda backup fails Date: Mon, 10 Dec 2018 19:05:23 -0500 https://www.mail-archive.com/amanda-users@amanda.org/msg50346.html ] > but I cannot seem to fix this erronious error. [...] > Amanda Backup Client Hosts Check > -------------------------------- > ERROR: coyote: selfcheck request failed: file/dir '/usr/local/etc' > (/usr/local/etc/amanda-security.conf) is writable by the group > ERROR: shop: selfcheck request failed: file/dir '/usr/local/etc' > (/usr/local/etc/amanda-security.conf) is writable by the group > ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc' > (/usr/local/etc/amanda-security.conf) is writable by the group > ERROR: GO704: selfcheck request failed: file/dir '/usr/local/etc' > (/usr/local/etc/amanda-security.conf) is writable by the group > ERROR: lathe: selfcheck request failed: file/dir '/usr/local/etc' > (/usr/local/etc/amanda-security.conf) is writable by the group > Client check: 5 hosts checked in 13.184 seconds. 5 problems found. > (brought to you by Amanda 3.5.1.git.19364c7b) > [...] > amanda@coyote:~/amanda$ ls -l /usr/local/etc/ > total 48 > drwx------ 3 amanda backup 4096 May 26 04:17 amanda > -rw-r--r-- 1 amanda backup 55 Jul 17 2014 amanda-client.conf > -rwx------ 1 root staff 2033 May 26 08:41 amanda-security.conf > and as you can see, is not writeable by group but /etc/group amanda-security.conf itself is not writable by group... but _this_ error message (unlike the one in the previous email) is complaining about the "/usr/local/etc" directory. This is the problem you were working on last October (in the above-referenced thread and a couple of others in that same timeframe), but based on the referenced message I believe the solution you settled on at that time was to use "--with-security-file=/etc/amanda-security.conf" in your build script -- with that, you do not need to worry about the group permissions on each parent directory in the /usr/local/etc path... So, I think your best bet is to stick with your earlier solution, i.e. do another rebuild with that option added back in to the script. After that it should be easy to resolve the amnda-security.conf permission checks. (If I remember correctly the build-install cycle should create a new /etc/amanda-security.conf file for you. If not I guess you'll find out as soon as you try amcheck, and then you can copy/move the existing one into /etc/ ....) Nathan ---------------------------------------------------------------------------- Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region Ray Ontko & Co. - Software consulting services - http://www.ontko.com/ GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239 Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
