Re: Odd permissions problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday, 14.12.2005 at 16:17 +0100, Paul Bijnens wrote: > Dave Ewart wrote: > >I've just added a few entries to my disklist and am getting errors like > >the following, during amcheck: > > > >ERROR: athena: [could not access /srv/samba/netlogon > >(/srv/samba/netlogon): Permission denied] > > > >Why is this directory not visible to the AMANDA process, given that the > >AMANDA user is part of group 'disk' and that should give it access to > >those partitions? The '/root/' partition is only (technically) visible > >to the root user, yet AMANDA is able to correctly back this up. > > http://wiki.zmanda.com/index.php/Why_does_amcheck_fail_while_amdump_succeeds_%3F > > The good news is that amdump will probably work fine. > > The fact that amanda is part of group disk has no effect here: > you're doing backups of subdirectories, and thus cannot use dump, but > must use gnutar (Dump can only work on whole partitions, not on > subdirectories, at least when doing incrementals.) > > For running dumpa and accessing the device-partitions, amanda needs to > be member of the disk-group, but for running gnutar, amanda actually > needs root priviledges, which she gets by invoking gnutar with a suid > root program, which is not used by amcheck. (Note amcheck just sends a > message to amandad on the client, and it's amandad on the client that > does the check; hence making amcheck suid-root does not help either.) Ah, understood, very helpful Paul. That explains the situation sufficiently for me to be able to work around it. Thanks, Dave. - -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDoEHCbpQs/WlN43ARAnN9AJ92UXOBw630FlSImG9C3fJpHhv2+ACgy4mi yACzRR4yhXZxUooRO9dOk98= =cho+ -END PGP SIGNATURE-
Re: Odd permissions problem
Dave Ewart wrote: I've just added a few entries to my disklist and am getting errors like the following, during amcheck: ERROR: athena: [could not access /srv/samba/netlogon (/srv/samba/netlogon): Permission denied] Why is this directory not visible to the AMANDA process, given that the AMANDA user is part of group 'disk' and that should give it access to those partitions? The '/root/' partition is only (technically) visible to the root user, yet AMANDA is able to correctly back this up. http://wiki.zmanda.com/index.php/Why_does_amcheck_fail_while_amdump_succeeds_%3F The good news is that amdump will probably work fine. The fact that amanda is part of group disk has no effect here: you're doing backups of subdirectories, and thus cannot use dump, but must use gnutar (Dump can only work on whole partitions, not on subdirectories, at least when doing incrementals.) For running dumpa and accessing the device-partitions, amanda needs to be member of the disk-group, but for running gnutar, amanda actually needs root priviledges, which she gets by invoking gnutar with a suid root program, which is not used by amcheck. (Note amcheck just sends a message to amandad on the client, and it's amandad on the client that does the check; hence making amcheck suid-root does not help either.) -- Paul Bijnens, XplanationTel +32 16 397.511 Technologielaan 21 bus 2, B-3001 Leuven, BELGIUMFax +32 16 397.512 http://www.xplanation.com/ email: [EMAIL PROTECTED] *** * I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^, * * F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, * * stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt, abort, hangup, * * PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e, kill -1 $$, shutdown, * * init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... * * ... "Are you sure?" ... YES ... Phew ... I'm out * ***
Odd permissions problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've just added a few entries to my disklist and am getting errors like the following, during amcheck: ERROR: athena: [could not access /srv/samba/netlogon (/srv/samba/netlogon): Permission denied] ERROR: athena: [could not access /srv/samba/install (/srv/samba/install): Permission denied] This is strange, because other entries, such as /root and /etc have been backed-up correctly for many months. This is a Debian system where AMANDA uses user 'backup', which is a member of user 'disk' - this should allow it to backup all local disks without further privileges. /srv/samba, /root and /etc are all on the same partition, /dev/sda1: # ls -l /dev/sda1 brw-rw 1 root disk 8, 1 Jun 15 18:26 /dev/sda1 Various permissions: (For working entries in disklist) # ls -ld /root drwxr-x--- 15 root root 4096 Dec 14 14:31 /root # ls -ld /etc drwxr-xr-x 85 root root 4096 Dec 14 14:38 /etc (For non-working entries in disklist) # ls -ld /srv drwxr-xr-x 3 root root 4096 Nov 28 10:39 /srv # ls -ld /srv/samba drwxr-s--- 10 root everyone 4096 Nov 21 10:38 /srv/samba # ls -ld /srv/samba/install/ drwxr-s--- 5 root everyone 4096 Nov 15 10:01 /srv/samba/install/ # ls -ld /srv/samba/netlogon/ drwxr-s--- 3 root everyone 4096 Dec 14 09:08 /srv/samba/netlogon/ If I make '/srv/samba' chmod-ed to 755, then the permissions errors go away. HOWEVER, I don't want to do that, since there are good reasons for that directory having the permissions it does. Why is this directory not visible to the AMANDA process, given that the AMANDA user is part of group 'disk' and that should give it access to those partitions? The '/root/' partition is only (technically) visible to the root user, yet AMANDA is able to correctly back this up. Ideas/hints? Dave. - -- Dave Ewart [EMAIL PROTECTED] Computing Manager, Cancer Epidemiology Unit Cancer Research UK / Oxford University PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370 Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc N 51.7518, W 1.2016 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDoDHtbpQs/WlN43ARArqiAKDlnbEHeiERhCJ4RZ1K6pfA+T61/QCgmo4e EeFlnVElcIw6MEjUNkrMVI0= =gTQG -END PGP SIGNATURE-
