Re: building (non-Debianized) Amanda on Stretch

Mon, 27 May 2019 09:37:56 -0700 

On Mon, May 27, 2019 at 11:57:29 -0400, Gene Heskett wrote:
> next pass at amcheck Daily got this:
> 
> manda@coyote:/root$ /usr/local/sbin/amcheck Daily
> Amanda Tape Server Host Check
[...]
> Amanda Backup Client Hosts Check
> --------------------------------
> ERROR: lathe: selfcheck request failed: amcheck-clients: error 
> [exec /usr/local/libexec/amanda/ambind: Permission denied]
[...] 
> amanda@coyote:/root$ ls -l /usr/local/libexec/amanda/ambind
> -rwsr-x--- 1 root backup 26840 May 27 
> 11:11 /usr/local/libexec/amanda/ambind
> 
> Is that correct? If wrong for owner root, whats the fix, which we'll need 

Yes, that is correct.  This is a setuid binary (note the "s" in
"rwsr-x") and is intended to run as root (and thus it needs to be owned
by root).

> 
> This is /etc/group now
> 
> amanda@coyote:/root$ grep amanda /etc/group
> mail:x:8:gene,amanda
> amanda:x:1001:
> 
> amanda@coyote:/root$ grep backup /etc/group
> backup:x:34:



Ah, I see...  Looking back your at email from yesterday, you had:
> root@coyote:amanda$ grep backup /etc/group
> disk:x:6:gene,backup
> backup:x:34:
> amanda:x:1001:backup

Well, when I looked through that message, I didn't notice that you had
added the "backup" user to the "amanda" group, rather than the other way
around....

That is, in your new build script your are telling the Amanda config
that you want to use the "backup" group to run Amanda... but at the
moment your "amanda" user is not a member of that group.

So, add "amanda" to the "backup" group and try amcheck again.  

(Then you might as well remove "backup" from the "amanda" group, to keep
things cleaned up...

In the end the groups file should have these two lines:
  backup:x:34:amanda
  amanda:x:1001:
)

                                                Nathan


----------------------------------------------------------------------------
Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239

Reply via email to