Re: [Bacula-users] What devices SD needs to access?

Wed, 18 Jan 2006 04:19:26 -0800 

On Wednesday 18 January 2006 12:05, Timo Neuvonen wrote:
> Recently here was some discussion about uid used to run Bacula.
>
> Now, I'm trying to make storage daemon to run as user/group bacula.
> User bacula belongs to group disk (FC4, no SELinux)
>
> Tape drive (Exabyte VXA-2) is /dev/nst0:
> [EMAIL PROTECTED] dev]# ll nst0
> crw-rw----  1 root disk 9, 128 Jan  7 22:56 nst0
> [EMAIL PROTECTED] dev]# ll / | grep dev
> drwxr-xr-x    9 root root      4860 Jan 12 15:52 dev
>
> mtx is world executable:
> [EMAIL PROTECTED] dev]# ll `which mtx`
> -rwxr-xr-x  1 root root 20480 Mar  7  2005 /usr/sbin/mtx
>
>
> Anyway, storage daemon still cannot access the tape drive:
> 18-Jan 11:25 dogbert-sd: BackupCatalog.2006-01-18_11.25.04 Fatal error:
> dev.c:362 dev.c:356 Unable to open device "Exabyte" (/dev/nst0):
> ERR=Permission denied
> 18-Jan 11:25 dogbert-sd: BackupCatalog.2006-01-18_11.25.04 Fatal error:
> device.c:296 Unable to open device "Exabyte" (/dev/nst0): ERR=dev.c:356
> Unable to open device "Exabyte" (/dev/nst0): ERR=Permission denied
> 18-Jan 11:25 dogbert-fd: BackupCatalog.2006-01-18_11.25.04 Fatal error:
> job.c:1602 Bad response to Append Data command. Wanted 3000 OK data, got
> 3903 Error append data
>
> Status Storage from console results in:
> Device status:
> Device "Exabyte" (/dev/nst0) is not open or does not exist.

From what I see above, the userid/group under which Bacula is running does not 
have permission to open the device /dev/nst0.  You should "su bacula" and 
manually try some operation such as rewinding the drive with mt to ensure you 
get everything right.  You should also try using mtx and the mtx-changer 
script manually, so that you can more easily "see"  the errors.

>
>
> What else is required before SD can run as non-root?
> Kern mentions "tape control channel" in his 1.38.4 release message, what is
> that contol channel? Does it apply only to autochangers (I don't have a
> one)?

The tape control channel is the device name that you put on your "Changer 
device" directive in the Device resource in the bacula-sd.conf file -- 
typically something like /dev/sg0.

>
>
> btw,
> Running both SD and director as non-root user/group bacula is certainly a
> good thing in to start with, but does that still give some unnecessary
> power (group disk privs to file system...) to the director? Maybe I should
> consider removing user bacula from group disk, and make SD only to run as
> user bacula / group disk?

Yes, that is probably a good idea, and I will seriously consider making the SD 
run as bacula/disk, which would probably eliminate a good number of the 
support problems.

>
> --
> TiN
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users

-- 
Best regards,

Kern

  (">
  /\
  V_V


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to