Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-06-01 Thread Gene Heskett
On Saturday 31 May 2003 06:14, Wojciech Jedliczka wrote:
>- Original Message -
>From: "Gene Heskett"
>To: "Wojciech Jedliczka"; "Kevin Passey"
>Sent: Saturday, May 31, 2003 11:24 AM
>Subject: Re: Configuring RH7.2 Amanda out of the box - error
> accessing Ama nda hosts file.
>
>> On Saturday 31 May 2003 04:40, Wojciech Jedliczka wrote:
>> >Hi,
>> >
>> >> I thought that once I sent the mail so I added both it now
>> >> looks like
>> >>
>> >> dilmom.as400resource.com amanda
>> >> dilmom amanda
>> >>
>> >> Still no Joy !!
>> >>
>> >> Thanks for your reply anyway.
>> >>
>> >> Regards
>> >>
>> >> Kevin
>> >>
>> >> -Original Message-
>> >>
>> >> *snip*
>> >>
>> >> > Amanda Backup Client Hosts Check
>> >> > 
>> >> > ERROR: dilmom: [access as amanda not allowed from
>> >> > [EMAIL PROTECTED] open of /home/amanda/.amandahosts failed
>> >> > ^
>> >
>> >Check the owner and permissions of  '/home/amanda/.amandahosts' -
>> >should be amanda.disk and 660.
>> >
>> >WJ
>>
>> Nope, 0600.  RTM please.
>>
>> --
>> Cheers, Gene
>
>Gene,
>I always RTFM many times.
>In all the docs files in the amanda distribution there is no place
>giving a suggestion about .amandahosts permissions.
>The amandahosts file is used for authorization and therefore
>it is important who owns this file and who has access
>to read and write it.
>From the security point of view it is better to have 600
>than 660 but both are acceptable for me.

You are absolutely correct in that a grep for 0600 in the docs 
directory of the latest image comes back empty. However, it's been 
quoted here several times that amanda does check those perms, and 
will reject the file if anyone BUT amanda (and of course root) has 
access rights.

Apparently this is considered a security leak if the software informs 
the user what's wrong so that he can fix it.  From current snapshot, 
common-src/security.c:
--
security.c:ptmp = stralloc2(pwptr->pw_dir, "/.amandahosts");
security.c-if((fPerm = fopen(ptmp, "r")) == NULL) {
security.c- /*
security.c-  * Put an explanation in the amandad.debug log that will help a
security.c-  * system administrator fix the problem, but don't send a clue
security.c-  * back to the other end to tell them what to fix in order to
security.c-  * be able to hack our system.
security.c- */
security.c- dbprintf(("%s: fopen of %s failed: %s\n",
security.c-   debug_prefix_time(NULL), ptmp, strerror(errno)));
security.c- *errstr = vstralloc("[",
security.c- "access as ", localuser, " not allowed",
security.c- " from ", remoteuser, "@", remotehost,
security.c- "] open of ",
security.c- ptmp,
security.c- " failed", NULL);
--etc---
>
>The only one place where you can find a note about
>.amandahost file permissions is www.backupcentral.com/amanda-13.html
>which I am treating as a guide for the Amanda written some day
>in the past.

Unless Dave has updated it, it's about 2 years old.  However, I don't 
recall that this particular item has been changed.  But as in all 
things amanda, I'll defer to the authors if they'd like to chime in 
and correct me.

>When I am trying to help someone via list I am usually checking
>my servers settings and not always RTFM. In this case I have
>checked my RH9 Amanda server installed during RH9 automatic
>built. Amandahosts has 660 so that is why I have sent such
>suggestion for Kevin. My second Amanda server built from
>source has .amandahosts 600.

Redhat set incorrect perms on that file in that event, probably so 
that their installer didn't have to become 'amanda' to write it in 
the first place, and one more reason to excise the rpm completely and 
install from a recent tarball.  The tarball unpack, configure, build 
and install is a 4 minute job on recent hardware, but the 
configuration OF the install will take several more hours for the 
gnubee.

There are plenty of folks here who will be glad to help you however. 
:)

>Cheers, Wojtek

-- 
Cheers, Gene
AMD [EMAIL PROTECTED] 320M
[EMAIL PROTECTED]  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.



Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-06-01 Thread Jon LaBadie
On Sat, May 31, 2003 at 12:14:08PM +0200, Wojciech Jedliczka wrote:
> 
> I always RTFM many times.
> In all the docs files in the amanda distribution there is no place
> giving a suggestion about .amandahosts permissions.
> The amandahosts file is used for authorization and therefore
> it is important who owns this file and who has access
> to read and write it.
> From the security point of view it is better to have 600
> than 660 but both are acceptable for me.

In this case the guidelines are based on the BSD authentication
scheme using the .rhosts file as a model.  Remembrance of either
usage or past documentation would make me say 600 is the proper
permissions as the programs specifically ignored a file even
readable by group or other.  However I don't see that on the
manpage for rhosts on my system now.  A similar file, .netrc
does have those requirements (listed on the manpage too) but
that has nothing to do with amanda.

-- 
Jon H. LaBadie  [EMAIL PROTECTED]
 JG Computing
 4455 Province Line Road(609) 252-0159
 Princeton, NJ  08540-4322  (609) 683-7220 (fax)
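
The check discussed in the two messages above (a file rejected when anyone but its owner has access, following the .rhosts model), as an added example that is not part of the thread and is not Amanda's own code. The names check_authfile, authfile_status and demo_check_with_mode are hypothetical, and the temp file is constructed test input.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration (not Amanda source): .rhosts-style owner/mode check. */
enum authfile_status { AUTHFILE_OK, AUTHFILE_OPEN_FAILED, AUTHFILE_NOT_REGULAR,
                       AUTHFILE_WRONG_OWNER, AUTHFILE_TOO_OPEN };

/* Open first, then fstat() the descriptor, so the file that is checked is the
 * file a real caller would go on to read from fd (no stat()/open() race). */
enum authfile_status check_authfile(const char *path, uid_t owner)
{
    struct stat st;
    enum authfile_status rc = AUTHFILE_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);  /* refuse a symlinked file */
    if (fd < 0)
        return AUTHFILE_OPEN_FAILED;
    if (fstat(fd, &st) != 0)
        rc = AUTHFILE_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = AUTHFILE_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = AUTHFILE_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))   /* any group/other bit: 0660 fails */
        rc = AUTHFILE_TOO_OPEN;
    close(fd);
    return rc;
}

/* Constructed input: a temp file owned by the caller, set to the given mode. */
enum authfile_status demo_check_with_mode(mode_t mode)
{
    char path[] = "/tmp/amandahosts-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return AUTHFILE_OPEN_FAILED;
    fchmod(fd, mode);
    close(fd);
    enum authfile_status rc = check_authfile(path, getuid());
    unlink(path);
    return rc;
}

int main(void)
{
    printf("0600 -> %d, 0660 -> %d\n", demo_check_with_mode(0600), demo_check_with_mode(0660));
    return 0;
}
```

The specific status code belongs in the local debug log; what goes back to the remote end can stay generic, as the comment in the quoted security.c snippet intends.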


Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Wojciech Jedliczka

- Original Message -
From: "Gene Heskett"
To: "Wojciech Jedliczka"; "Kevin Passey"
Sent: Saturday, May 31, 2003 11:24 AM
Subject: Re: Configuring RH7.2 Amanda out of the box - error accessing Ama
nda hosts file.


> On Saturday 31 May 2003 04:40, Wojciech Jedliczka wrote:
> >Hi,
> >
> >> I thought that once I sent the mail so I added both it now looks
> >> like
> >>
> >> dilmom.as400resource.com amanda
> >> dilmom amanda
> >>
> >> Still no Joy !!
> >>
> >> Thanks for your reply anyway.
> >>
> >> Regards
> >>
> >> Kevin
> >>
> >> -Original Message-
> >>
> >> *snip*
> >>
> >> > Amanda Backup Client Hosts Check
> >> > 
> >> > ERROR: dilmom: [access as amanda not allowed from [EMAIL PROTECTED]
> >> > open of /home/amanda/.amandahosts failed
> >> > ^
> >
> >Check the owner and permissions of  '/home/amanda/.amandahosts' -
> >should be amanda.disk and 660.
> >
> >WJ
>
> Nope, 0600.  RTM please.
>
> --
> Cheers, Gene


Gene,
I always RTFM many times.
In all the docs files in the amanda distribution there is no place
giving a suggestion about .amandahosts permissions.
The amandahosts file is used for authorization and therefore
it is important who owns this file and who has access
to read and write it.
From the security point of view it is better to have 600
than 660 but both are acceptable for me.

The only one place where you can find a note about
.amandahost file permissions is www.backupcentral.com/amanda-13.html
which I am treating as a guide for the Amanda written some day
in the past.

When I am trying to help someone via list I am usually checking
my servers settings and not always RTFM. In this case I have
checked my RH9 Amanda server installed during RH9 automatic
built. Amandahosts has 660 so that is why I have sent such
suggestion for Kevin. My second Amanda server built from
source has .amandahosts 600.

Cheers, Wojtek



Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Gene Heskett
On Saturday 31 May 2003 04:40, Wojciech Jedliczka wrote:
>Hi,
>
>> I thought that once I sent the mail so I added both it now looks
>> like
>>
>> dilmom.as400resource.com amanda
>> dilmom amanda
>>
>> Still no Joy !!
>>
>> Thanks for your reply anyway.
>>
>> Regards
>>
>> Kevin
>>
>> -Original Message-
>>
>> *snip*
>>
>> > Amanda Backup Client Hosts Check
>> > 
>> > ERROR: dilmom: [access as amanda not allowed from [EMAIL PROTECTED]
>> > open of /home/amanda/.amandahosts failed 
>> > ^
>
>Check the owner and permissions of  '/home/amanda/.amandahosts' -
>should be amanda.disk and 660.
>
>WJ

Nope, 0600.  RTM please.

-- 
Cheers, Gene
AMD [EMAIL PROTECTED] 320M
[EMAIL PROTECTED]  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.



Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Wojciech Jedliczka
Hi,

> I thought that once I sent the mail so I added both it now looks like
>
> dilmom.as400resource.com amanda
> dilmom amanda
>
> Still no Joy !!
>
> Thanks for your reply anyway.
>
> Regards
>
> Kevin
>
> -Original Message-
>
> *snip*
>
> > Amanda Backup Client Hosts Check
> > 
> > ERROR: dilmom: [access as amanda not allowed from [EMAIL PROTECTED] open of
> > /home/amanda/.amandahosts failed  ^
>

Check the owner and permissions of  '/home/amanda/.amandahosts' -
should be amanda.disk and 660.

WJ



Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Gene Heskett
On Saturday 31 May 2003 04:12, Kevin Passey wrote:
>I thought that once I sent the mail so I added both it now looks
> like
>
>dilmom.as400resource.com amanda
>dilmom amanda
>
>Still no Joy !!

Are the perms 0600, and it's owned by amanda?

-- 
Cheers, Gene
AMD [EMAIL PROTECTED] 320M
[EMAIL PROTECTED]  512M
99.26% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2003 by Maurice Eugene Heskett, all rights reserved.



RE: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Kevin Passey
I thought that once I sent the mail so I added both it now looks like

dilmom.as400resource.com amanda
dilmom amanda

Still no Joy !!

Thanks for your reply anyway.

Regards

Kevin

-Original Message-
From: Matt Hyclak [mailto:[EMAIL PROTECTED]
Sent: 30 May 2003 17:09
To: Amanda (E-mail)
Subject: Re: Configuring RH7.2 Amanda out of the box - error accessing
Ama nda hosts file.


On Fri, May 30, 2003 at 03:47:17PM +0100, Kevin Passey enlightened us:
> Ok my amandahosts file looks like this.
> 
> dilmom.as400resource.com amanda 
> 

*snip*

> Amanda Backup Client Hosts Check
> 
> ERROR: dilmom: [access as amanda not allowed from [EMAIL PROTECTED] open of
> /home/amanda/.amandahosts failed  ^

Notice that does not say dilmom.as400resource.com. You'll want an entry like


dilmom amanda

in your amandahosts file.

Matt

-- 
Matt Hyclak
Department of Mathematics
Ohio University
(740) 593-1263


Re: Configuring RH7.2 Amanda out of the box - error accessing Ama nda hosts file.

2003-05-31 Thread Matt Hyclak
On Fri, May 30, 2003 at 03:47:17PM +0100, Kevin Passey enlightened us:
> Ok my amandahosts file looks like this.
> 
> dilmom.as400resource.com amanda 
> 

*snip*

> Amanda Backup Client Hosts Check
> 
> ERROR: dilmom: [access as amanda not allowed from [EMAIL PROTECTED] open of
> /home/amanda/.amandahosts failed  ^

Notice that does not say dilmom.as400resource.com. You'll want an entry like 

dilmom amanda

in your amandahosts file.

Matt

-- 
Matt Hyclak
Department of Mathematics
Ohio University
(740) 593-1263

