Re: amfetchdump: running as user root instead of amanda ??
* Jean-Louis Martineau [EMAIL PROTECTED] [20081104 13:46]: Jean-Francois Malouin wrote: Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... Maybe you were using amrestore? It doesn't need amanda privilege. I've used both for testing purposes before. I've just finished a new restore test on a new piece of hardware: # su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - completes ok, looks good, the dle was successfully restored but tar didn't restore the original ownerships of the dirs and files, they all belong to user 'amanda' and group 'disk', its primary group, as I was suspicious it would do in the first place, but I wanted to be 100% sure before posting. # tar --version tar (GNU tar) 1.16 I don't see this on a another system, running the same amanda version, 2.5.2p1, but from a much earlier configured and compiled tarball Proof is in the pudding. From a debug amandad: amandad: time 0.016: build: VERSION=Amanda-2.5.2p1 amandad: time 0.016:BUILT_DATE=Fri Jul 6 12:27:48 EDT 2007 amandad: time 0.016:BUILT_MACH=IRIX64 wart 6.5 01062343 IP27 yorick 117# /opt/amanda/amanda1/sbin/amfetchdump -p -d /hw/tape/tps21d1nrnsv stk_80-conf1 yorick /data/speechprod/speechprod2 20081030 | /usr/freeware/bin/tar -xpGf - 1 tape(s) needed for restoration The following tapes are needed: 38 Press enter when ready Scanning 38 (slot 1) and the restore completes ok. That's with tar (GNU tar) 1.13.25. So that leads me to believe that it's either something that has been backported in the tarball for 2.5.2p1 since then or is it a problem with tar 1.16 on a Debian Etch machine? thanks, jf Jean-Louis -- ° Jean-François Malouin McConnell Brain Imaging Centre System/Network AdministratorMontréal Neurological Institute http://www.bic.mni.mcgill.ca/~malin 3801 Rue University, Suite WB219 (514) 398-8924Montréal, Québec, H3A 2B4, Canada
Re: amfetchdump: running as user root instead of amanda ??
On Tue, Nov 4, 2008 at 12:08 PM, Jean-Francois Malouin [EMAIL PROTECTED] wrote: Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... We improved how Amanda checks userids. There may have been a bug that accidentally allowed amfetchdump to run as root in a previous version. Dustin -- Storage Software Engineer http://www.zmanda.com
Re: amfetchdump: running as user root instead of amanda ??
Jean-Francois Malouin wrote: * Jean-Louis Martineau [EMAIL PROTECTED] [20081104 13:46]: Jean-Francois Malouin wrote: Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... Maybe you were using amrestore? It doesn't need amanda privilege. I've used both for testing purposes before. I've just finished a new restore test on a new piece of hardware: # su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - You've put the quotes too far. Put them only around the amfetchdump command, and pipe the result to tar, which still has root priviliges then: su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - completes ok, looks good, the dle was successfully restored but tar didn't restore the original ownerships of the dirs and files, they all belong to user 'amanda' and group 'disk', its primary group, as I was suspicious it would do in the first place, but I wanted to be 100% sure before posting. Tar needs root privileges indeed to restore ownership. But amfetchdump needs to run as amanda. There could maybe a case for allowing to run as root, but that would open a whole lot of other problems, e.g. the debug directories like /tmp/amanda etc would be created with root ownership. That would give trouble for the next command, run as amanda, which would get permission to add its debug files to that directory. Besides, in general, it is safer and giving less chance to hit security problems when not running programs as root unless strictly necessary.
Re: amfetchdump: running as user root instead of amanda ??
* Jean-Louis Martineau [EMAIL PROTECTED] [20081105 15:28]: amfetchdump must be run by amanda, tar must be run by root. Logged as root, you do: # su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - Look where I put the . Indeed! Thanks Jean-Louis! jf -- ° Jean-François Malouin McConnell Brain Imaging Centre System/Network AdministratorMontréal Neurological Institute 3801 Rue University, Suite WB219, Montréal, Québec, H3A 2B4, Canada
Re: amfetchdump: running as user root instead of amanda ??
Jean-Francois Malouin wrote: * Jean-Louis Martineau [EMAIL PROTECTED] [20081104 13:46]: Jean-Francois Malouin wrote: Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... Maybe you were using amrestore? It doesn't need amanda privilege. I've used both for testing purposes before. I've just finished a new restore test on a new piece of hardware: # su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - amfetchdump must be run by amanda, tar must be run by root. Logged as root, you do: # su amanda -c /opt/amanda/sbin/amfetchdump -b 2048k -p -d tape:/dev/nst0 top gustav /raid/ipl 20081104 | tar -xpGf - Look where I put the . completes ok, looks good, the dle was successfully restored but tar didn't restore the original ownerships of the dirs and files, they all belong to user 'amanda' and group 'disk', its primary group, as I was suspicious it would do in the first place, but I wanted to be 100% sure before posting. # tar --version tar (GNU tar) 1.16 I don't see this on a another system, running the same amanda version, 2.5.2p1, but from a much earlier configured and compiled tarball Proof is in the pudding. From a debug amandad: amandad: time 0.016: build: VERSION=Amanda-2.5.2p1 amandad: time 0.016:BUILT_DATE=Fri Jul 6 12:27:48 EDT 2007 amandad: time 0.016:BUILT_MACH=IRIX64 wart 6.5 01062343 IP27 yorick 117# /opt/amanda/amanda1/sbin/amfetchdump -p -d /hw/tape/tps21d1nrnsv stk_80-conf1 yorick /data/speechprod/speechprod2 20081030 | /usr/freeware/bin/tar -xpGf - 1 tape(s) needed for restoration The following tapes are needed: 38 Press enter when ready Scanning 38 (slot 1) and the restore completes ok. That's with tar (GNU tar) 1.13.25. So that leads me to believe that it's either something that has been backported in the tarball for 2.5.2p1 since then or is it a problem with tar 1.16 on a Debian Etch machine? thanks, jf Jean-Louis
amfetchdump: running as user root instead of amanda ??
Running amanda-2.6.0p2 an attempting to restore a run: # id uid=0(root) gid=0(root) groups=0(root) # amfetchdump -p -d tape:/dev/nst0 conf1 gustav | tar -xpGf - amfetchdump: running as user root instead of amanda ugh? jf -- ° Jean-François Malouin Jean-Francois.Malouin @ bic.mni.mcgill.ca System/Network Administrator http://www.bic.mni.mcgill.ca/~malin McConnell Brain Imaging CentreVoice: (514) 398-8924 Montréal Neurological Institute Fax: (514) 398-8948 3801 Rue University, Suite WB219 Montréal, Québec, H3A 2B4, Canada
Re: amfetchdump: running as user root instead of amanda ??
Jean-Francois Malouin wrote: Running amanda-2.6.0p2 an attempting to restore a run: # id uid=0(root) gid=0(root) groups=0(root) # amfetchdump -p -d tape:/dev/nst0 conf1 gustav | tar -xpGf - amfetchdump: running as user root instead of amanda ugh? jf amfetchdump must be able to access the amanda log and index. Only the 'amanda' user can do it. su amanda -c amfetchdump -p -d tape:/dev/nst0 conf1 gustav | tar -xpGf - Jean-Louis
Re: amfetchdump: running as user root instead of amanda ??
* Jean-Louis Martineau [EMAIL PROTECTED] [20081104 11:49]: Jean-Francois Malouin wrote: Running amanda-2.6.0p2 an attempting to restore a run: # id uid=0(root) gid=0(root) groups=0(root) # amfetchdump -p -d tape:/dev/nst0 conf1 gustav | tar -xpGf - amfetchdump: running as user root instead of amanda ugh? jf amfetchdump must be able to access the amanda log and index. Only the 'amanda' user can do it. su amanda -c amfetchdump -p -d tape:/dev/nst0 conf1 gustav | tar -xpGf - Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... thanks, jf Jean-Louis -- ° Jean-François Malouin Jean-Francois.Malouin @ bic.mni.mcgill.ca System/Network Administrator http://www.bic.mni.mcgill.ca/~malin McConnell Brain Imaging CentreVoice: (514) 398-8924 Montréal Neurological Institute Fax: (514) 398-8948 3801 Rue University, Suite WB219 Montréal, Québec, H3A 2B4, Canada
Re: amfetchdump: running as user root instead of amanda ??
Jean-Francois Malouin wrote: Is this a new feature? I've done restore as root in the past I'm sure and never seen this before. Have been living blind all this time? :) So I guess I was lucky enough to do the amfetchdump in a dir owned by amanda and then it could recreate the dir structure and file ownerships... Maybe you were using amrestore? It doesn't need amanda privilege. Jean-Louis