Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Wednesday 03 October 2018 22:07:53 Olivier wrote:

> Gene,
>
> Sorry, I missed your message yesterday.
>
> > ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > Client check: 5 hosts checked in 11.356 seconds.  5 problems found.
> >
> > ...
> >
> > The man page says its to be in /etc/amanda, but since this is a
> > local build, its in /usr/local/etc/amanda.
>
> First, I see a discrepancy: the error messge places the file
> amanda-security.conf in /usr/local/etc while according to what you say
> later about the man page, you expect it to be in /usr/local/etc/amanda
>
> The error message is complaining about the mode of the directory, not
> about the file. But mode on /usr/local/etc are not for Amanda only,
> it's a system stuff, so it is not really realistic to change them.
>
> So the solution was to move the file to /usr/local/etc/amanda, as
> suggested by the man, where you can adjust the mode more to Amanda
> linking.
>
> To do that, I modified the Makefile in FreeBSD port to include the
> option:
>
> --with-security-file=/usr/local/etc/amanda/amanda-security.conf
>
> [ In the case of FreeBSDm it was:
>
> --with-security-file=${ETCDIR}/amanda/amanda-security.conf
>
> I also informed the port maintener that there maybe a change needed]
>
> I hope that helps.
>
> Olivier

May I be so rude as to point out 
that --with-security-file=/path/to/amanda-security.conf doesn't work 
according to the config output. I moved it 
to /usr/local/etc/amanda/Daily. It is there, and owned by amanda:disk, 
but configure reports:
./gh.cf: 
25: ./gh.cf: 
--with-security_file=/usr/local/etc/amanda/Daily/amanda-security.conf: 
not found

So I'll state that until now I hadn't noted your use of a dash whereas I 
was using and underscore, so I fixed that and reran the script, getting 
this at the synopsis at the end:

./gh.cf: 
25: ./gh.cf: 
--with-security-file=/usr/local/etc/amanda/Daily/amanda-security.conf: 
not found

But as amanda, ls -l /usr/local/etc/amanda/Daily returns
total 136
-rw-r--r-- 1 amanda disk 21488 Oct 25  2005 3hole.ps
-rw-r--r-- 1 amanda disk  5887 Oct 25  2005 8.5x11.ps
-rw-r--r-- 1 amanda disk 25389 Oct  3 09:49 amanda.conf
-rw-r--r-- 1 amanda disk 24655 Apr 20  2012 amanda.conf~
-rw-r--r-- 1 amanda disk  2034 Oct  2 14:26 amanda-security.conf <
-rw--- 1 amanda disk   222 Oct  3 12:36 chg-disk
-rw-r--r-- 1 amanda disk 2 Aug 24 13:42 chg-disk-access
-rw-r--r-- 1 amanda disk 3 Aug 24 13:42 chg-disk-clean
-rw-r--r-- 1 amanda disk 2 Aug 24 13:42 chg-disk-slot
-rw-r--r-- 1 amanda disk   765 May 22  2004 chg-scsi.conf
-rw--- 1 amanda disk16 Mar  4  2017 command_file
-rw-r--r-- 1 amanda disk  3977 Aug 30 06:28 disklist
-rw-r--r-- 1 amanda disk  5002 Apr  3  2012 disklist~
-rw--- 1 amanda disk  2566 Oct  3 12:24 tapelist
-rw--- 1 amanda disk  1071 Aug 24 13:22 tapelist.amlabel
lrwxrwxrwx 1 amanda disk 5 Mar  4  2017 tapelist.last_write -> 16356
-rw--- 1 amanda disk 0 Aug 31 03:03 tapelist.lock

Of what use is the option if it doesn't work?

An error message that tells you WHY its not found would at least hint at 
what it takes to fix it. Security by obscurity like this is a right 
PITA.

Until there is a fix that works, this thread is a waste of bandwidth.
Thank you for trying, Nathan and Oliver, its appreciated.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Wednesday 03 October 2018 22:07:53 Olivier wrote:

> Gene,
>
> Sorry, I missed your message yesterday.
>
> > ERROR: picnc: selfcheck request failed: file/dir '/usr/local/etc'
> > (/usr/local/etc/amanda-security.conf) is writable by the group
> > Client check: 5 hosts checked in 11.356 seconds.  5 problems found.
> >
> > ...
> >
> > The man page says its to be in /etc/amanda, but since this is a
> > local build, its in /usr/local/etc/amanda.
>
> First, I see a discrepancy: the error messge places the file
> amanda-security.conf in /usr/local/etc while according to what you say
> later about the man page, you expect it to be in /usr/local/etc/amanda
>
> The error message is complaining about the mode of the directory, not
> about the file. But mode on /usr/local/etc are not for Amanda only,
> it's a system stuff, so it is not really realistic to change them.
>
> So the solution was to move the file to /usr/local/etc/amanda, as
> suggested by the man, where you can adjust the mode more to Amanda
> linking.
>
> To do that, I modified the Makefile in FreeBSD port to include the
> option:
>
> --with-security-file=/usr/local/etc/amanda/amanda-security.conf
>
> [ In the case of FreeBSDm it was:
>
> --with-security-file=${ETCDIR}/amanda/amanda-security.conf
>
I physically moved the file to

/usr/local/etc/amanda/Daily/amanda-security.conf, as shown in my last 
post.

and modified my script to match.

configure still cannot find it.

> I also informed the port maintener that there maybe a change needed]
>
> I hope that helps.
>
> Olivier



Copyright 2018 by Maurice E. Heskett
-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Stefan G. Weichinger]

Am 04.10.18 um 09:02 schrieb Gene Heskett:


Until there is a fix that works, this thread is a waste of bandwidth.


... and the non-modified thread subject is heavily misleading, btw.

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Wednesday 03 October 2018 23:13:06 Nathan Stratton Treadway wrote:

> On Thu, Oct 04, 2018 at 09:07:53 +0700, Olivier wrote:
> > The error message is complaining about the mode of the directory,
> > not about the file. But mode on /usr/local/etc are not for Amanda
> > only, it's a system stuff, so it is not really realistic to change
> > them.
> >
> > So the solution was to move the file to /usr/local/etc/amanda, as
> > suggested by the man, where you can adjust the mode more to Amanda
> > linking.
>
> While trying to figure out the error messages Gene was reporting I
> took a look at the source code that performs this security check [*]
> and found that it specifically checks the ownership and permissions of
> each containing directory all the way up the path.  So, in this case,
> if it doesn't like the permissions of /usr/local/etc/, moving it under
> /usr/local/etc/amanda/ won't actually avoid the error message -- it
> will still check /usr/local/etc/ because it's a parent of the
> .../amanda/ directory.
>
> Here's what Jean-Louis wrote on the topic back in Jun 2017:
>   The complete path to security.conf must be owned and writable only
> by the root user
>   [...]
>   That's why it is by default in /etc and not in /etc/amanda which
> must be writable by the amanda user.
>
>
> [*] for what it's worth, it's done in the function
> check_security_file_permission_message_recursive() found in
> common-src/security-file.c
>
> > To do that, I modified the Makefile in FreeBSD port to include the
> > option:
> >
> > --with-security-file=/usr/local/etc/amanda/amanda-security.conf
> >
> > [ In the case of FreeBSDm it was:
> >
> > --with-security-file=${ETCDIR}/amanda/amanda-security.conf
>
> Have you completed the build process with this configure parameter in
> place?  (I'm curious to hear if it did work as expected for you.)

No, I've ctl+c'd the script as soon as the not found error is reported in 
the configure summary.

Now I wasted another 1.5 hours by makeing the file root:root 0600 and 
putting it in /etc.  Same damned error from configure, not found. Of 
course its not found, configure as it exists, couldn't find its ass with 
both hands. The user amanda can see it just fine.

I appreciate that both of you are trying to help, but we're beating a 
dead horse here.

>
>   Nathan
>
> --
>-- Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic
> region Ray Ontko & Co.  -  Software consulting services  -  
> http://www.ontko.com/ GPG Key:
> http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239 Key
> fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239



Copyright 2018 by Maurice E. Heskett
-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Thursday 04 October 2018 03:18:18 Stefan G. Weichinger wrote:

> Am 04.10.18 um 09:02 schrieb Gene Heskett:
> > Until there is a fix that works, this thread is a waste of
> > bandwidth.
>
> ... and the non-modified thread subject is heavily misleading, btw.

That it is, its in two different threads now.

Copyright 2018 by Maurice E. Heskett
-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Olivier]

Gene,

> May I be so rude as to point out 
> that --with-security-file=/path/to/amanda-security.conf doesn't work 
> according to the config output.

I just downlowded amanda  3.5.1 and tried it, I do not have any problem
with the configure option --with-security-file. It is there in "configure
-h" and "configure --with-security-file=/somthing" does not throw an
error message.

> I moved it 
> to /usr/local/etc/amanda/Daily. It is there, and owned by amanda:disk, 
> but configure reports:
> ./gh.cf: 
> 25: ./gh.cf: 
> --with-security_file=/usr/local/etc/amanda/Daily/amanda-security.conf: 
> not found

But I could not find the file gh.cf that you mention, it does not appear
to be part of the distribution of Amanda.

Regards,

Olivier

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Thursday 04 October 2018 04:28:53 Olivier wrote:

> Gene,
>
> > May I be so rude as to point out
> > that --with-security-file=/path/to/amanda-security.conf doesn't work
> > according to the config output.
>
> I just downlowded amanda  3.5.1 and tried it, I do not have any
> problem with the configure option --with-security-file. It is there in
> "configure -h" and "configure --with-security-file=/somthing" does not
> throw an error message.
>
> > I moved it
> > to /usr/local/etc/amanda/Daily. It is there, and owned by
> > amanda:disk, but configure reports:
> > ./gh.cf:
> > 25: ./gh.cf:
> > --with-security_file=/usr/local/etc/amanda/Daily/amanda-security.con
> >f: not found
>
> But I could not find the file gh.cf that you mention, it does not
> appear to be part of the distribution of Amanda.
>
Its not, that my build script I wrote in self defense tears ago so that I 
didn't have to remember all the options to pass to config.
Here that script is:

#!/bin/sh
# since I'm always forgetting to su amanda...
if [ `whoami` != 'amanda' ]; then
echo
echo "!! Warning !!!"
echo "Amanda needs to be configured and built by the"
echo "user amanda, but must be installed by user root."
echo
exit 1
fi
make clean
rm -f config.status config.cache
./configure --with-user=amanda \
--with-group=disk \
--with-owner=amanda \
--with-gnu-ld \
--prefix=/usr/local/ \
--with-debugging=/tmp/amanda-dbg/ \
--with-tape-server=coyote \
--with-bsdtcp-security --with-amandahosts \
--with-configdir=/usr/local/etc/amanda \
--enable-manpage-build \
--with-readline \
--with-gnutar=/bin/tar \
--with-security-file=/etc/amanda-security.conf
echo "sleeping for reading configures warnings"
echo "a make as amanda will continue after 75 seconds..."
sleep 75
make
---
Nothing unusual there except consistent build options. coyote is the 
hosts file alias for this machine.
 
> Regards,
>
> Olivier


-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Nathan Stratton Treadway]

On Thu, Oct 04, 2018 at 06:12:16 -0400, Gene Heskett wrote:
> > > to /usr/local/etc/amanda/Daily. It is there, and owned by
> > > amanda:disk, but configure reports:
> > > ./gh.cf:
> > > 25: ./gh.cf:
> > > --with-security_file=/usr/local/etc/amanda/Daily/amanda-security.con
> > >f: not found
[...]
> ./configure --with-user=amanda \
>   --with-group=disk \
>   --with-owner=amanda \
>   --with-gnu-ld \
>   --prefix=/usr/local/ \
>   --with-debugging=/tmp/amanda-dbg/ \
>   --with-tape-server=coyote \
>   --with-bsdtcp-security --with-amandahosts \
>   --with-configdir=/usr/local/etc/amanda \
>   --enable-manpage-build \
>   --with-readline \
>   --with-gnutar=/bin/tar \
>   --with-security-file=/etc/amanda-security.conf

The "not found" error here is not from "configure", but rather from
gh.cf; it appears /bin/sh is trying to execute a command named
"--with-security_file=/usr/local/etc/amanda/Daily/amanda-security.conf".

Do you have a trailing space after the "\" at the end of line 24 of your
script?  (If it's not that, it would appear to be some other shell
syntax typo somewhere earlier in the script.)

Nathan


Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic region
Ray Ontko & Co.  -  Software consulting services  -   http://www.ontko.com/
 GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239
 Key fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Thursday 04 October 2018 06:12:16 Gene Heskett wrote:

> On Thursday 04 October 2018 04:28:53 Olivier wrote:
> > Gene,
> >
> > > May I be so rude as to point out
> > > that --with-security-file=/path/to/amanda-security.conf doesn't
> > > work according to the config output.
> >
> > I just downlowded amanda  3.5.1 and tried it, I do not have any
> > problem with the configure option --with-security-file. It is there
> > in "configure -h" and "configure --with-security-file=/somthing"
> > does not throw an error message.
> >
> > > I moved it
> > > to /usr/local/etc/amanda/Daily. It is there, and owned by
> > > amanda:disk, but configure reports:
> > > ./gh.cf:
> > > 25: ./gh.cf:
> > > --with-security_file=/usr/local/etc/amanda/Daily/amanda-security.c
> > >on f: not found
> >
> > But I could not find the file gh.cf that you mention, it does not
> > appear to be part of the distribution of Amanda.
>
> Its not, that my build script I wrote in self defense tears ago so
> that I didn't have to remember all the options to pass to config.
> Here that script is:
> 
> #!/bin/sh
> # since I'm always forgetting to su amanda...
> if [ `whoami` != 'amanda' ]; then
>   echo
>   echo "!! Warning !!!"
>   echo "Amanda needs to be configured and built by the"
>   echo "user amanda, but must be installed by user root."
>   echo
>   exit 1
> fi
> make clean
> rm -f config.status config.cache
> ./configure --with-user=amanda \
>   --with-group=disk \
>   --with-owner=amanda \
>   --with-gnu-ld \
>   --prefix=/usr/local/ \
>   --with-debugging=/tmp/amanda-dbg/ \
>   --with-tape-server=coyote \
>   --with-bsdtcp-security --with-amandahosts \
>   --with-configdir=/usr/local/etc/amanda \
>   --enable-manpage-build \
>   --with-readline \
>   --with-gnutar=/bin/tar \
>   --with-security-file=/etc/amanda-security.conf
> echo "sleeping for reading configures warnings"
> echo "a make as amanda will continue after 75 seconds..."
> sleep 75
> make
> ---
> Nothing unusual there except consistent build options. coyote is the
> hosts file alias for this machine.
>
And beat me with whatever. Ouch, egg on face. Shtoopidity, must come with 
a large birthday count. 83->84 today.

In posting that script I suddenly noticed the \ after the previous last 
line was missing. Its rebuilding now, with that file moved to /etc. My 
apologies.

And amcheck is happy.

amanda@coyote:~/amanda-3.5.1$ /usr/local/sbin/amcheck Daily
'/usr/local/etc/amanda/Daily/amanda.conf', line 119: warning: Global 
changerfile is deprecated, it must be set in the changer section
'/usr/local/etc/amanda/Daily/amanda.conf', line 140: warning: Keyword 
usetimestamps is deprecated.
Amanda Tape Server Host Check
-
NOTE: Holding disk '/usr/dumps': 639636 MB disk space available, using 
639136 MB
'/usr/local/etc/amanda/Daily/amanda.conf', line 119: warning: Global 
changerfile is deprecated, it must be set in the changer section
'/usr/local/etc/amanda/Daily/amanda.conf', line 140: warning: Keyword 
usetimestamps is deprecated.
slot 57: volume 'Dailys-57'
Will write to volume 'Dailys-57' in slot 57.
NOTE: skipping tape-writable test
Server check took 0.256 seconds
Amanda Backup Client Hosts Check

Client check: 5 hosts checked in 3.089 seconds.  0 problems found.
(brought to you by Amanda 3.5.1)
So we'll see how it makes an extra run.
This mornings email from the run this  morning is typical of the lieing 
amanda does these days, long report from planner indicating 2/3rds of 
the disklist is advanced to level 2.

But then you pick a named dle, scan down the message and it did a level 0 
on every dle it promoted. So the backup is 2-3 times the size it should 
be if the planner had its way. And if you look back in the archives 
you'll find I've posted about this discrepancy quite a few times over 
the last 5 years. I note another user has had to take steps to override 
it, but I'd much druther see it just do what it said it was going to do.

3.5.1 is running via my wrapper script backup.sh just to see how it 
does... My wrapper script runs the backup, then appends everything 
amanda needs to restore a new drive with a bare install on it, to 
exactly the configuration it had when it ran earlier this morning.

> > Regards,
> >
> > Olivier

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Gene Heskett]

On Thursday 04 October 2018 06:55:29 Nathan Stratton Treadway wrote:

> On Thu, Oct 04, 2018 at 06:12:16 -0400, Gene Heskett wrote:
> > > > to /usr/local/etc/amanda/Daily. It is there, and owned by
> > > > amanda:disk, but configure reports:
> > > > ./gh.cf:
> > > > 25: ./gh.cf:
> > > > --with-security_file=/usr/local/etc/amanda/Daily/amanda-security
> > > >.con f: not found
>
> [...]
>
> > ./configure --with-user=amanda \
> > --with-group=disk \
> > --with-owner=amanda \
> > --with-gnu-ld \
> > --prefix=/usr/local/ \
> > --with-debugging=/tmp/amanda-dbg/ \
> > --with-tape-server=coyote \
> > --with-bsdtcp-security --with-amandahosts \
> > --with-configdir=/usr/local/etc/amanda \
> > --enable-manpage-build \
> > --with-readline \
> > --with-gnutar=/bin/tar \
> > --with-security-file=/etc/amanda-security.conf
>
> The "not found" error here is not from "configure", but rather from
> gh.cf; it appears /bin/sh is trying to execute a command named
> "--with-security_file=/usr/local/etc/amanda/Daily/amanda-security.conf
>".
>
> Do you have a trailing space after the "\" at the end of line 24 of
> your script?  (If it's not that, it would appear to be some other
> shell syntax typo somewhere earlier in the script.)
>
>   Nathan
Absolutely correct, that \ after tar was missing. Its built, amcheck is 
happy, and its doing another backup session right now.

Thanks for your patience, that shoulda been obvious but it wasn't seen in 
nano. glaring colors distracted, old man forgot, whatever, but I didn't 
notice it till I posted it in plain black and white.

> --
>-- Nathan Stratton Treadway  -  natha...@ontko.com  -  Mid-Atlantic
> region Ray Ontko & Co.  -  Software consulting services  -  
> http://www.ontko.com/ GPG Key:
> http://www.ontko.com/~nathanst/gpg_key.txt   ID: 1023D/ECFB6239 Key
> fingerprint = 6AD8 485E 20B9 5C71 231C  0C32 15F3 ADCD ECFB 6239



Copyright 2018 by Maurice E. Heskett
-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Olivier]

Gene,

> And beat me with whatever. Ouch, egg on face. Shtoopidity, must come with 
> a large birthday count. 83->84 today.
> 
> In posting that script I suddenly noticed the \ after the previous last 
> line was missing. Its rebuilding now, with that file moved to /etc. My 
> apologies.
> 
> And amcheck is happy.

That's a kind of weird present, but Amada is building, happy birthsday
:)

I hope to reach 84 one day and still be as bright as you are by that
time.

Olivier

Re: Zmanda acquired from Carbonite by BETSOL -- future of Amanda development

[Stefan G. Weichinger]

Am 05.10.18 um 05:15 schrieb Olivier:

Gene,


And beat me with whatever. Ouch, egg on face. Shtoopidity, must come with
a large birthday count. 83->84 today.

In posting that script I suddenly noticed the \ after the previous last
line was missing. Its rebuilding now, with that file moved to /etc. My
apologies.

And amcheck is happy.


That's a kind of weird present, but Amada is building, happy birthsday
:)

I hope to reach 84 one day and still be as bright as you are by that
time.


Best wishes from me as well, I am impressed :-)

Stefan