Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Permissions . . .

  1. #11
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    306

    Default

    amdump should be run as the Amanda user. amrecover should be run as root. The amindexd that gets fired off upon an amrecover should have elevated privileges as needed.

    As martineau points out, all the files you list--tapelist, index, backup files--should be owned by amanda:disk, not root.

    amdump should not be allowed to be run by root

    # amdump pt
    /usr/sbin/amdump: must be run as user amandabackup, not root

  2. #12

    Default

    I think you may have indirectly pointed me to my error . . . . I have been building as uid=amanda;gid=amanda, and not gid=disk, so I don't think I was ever able to get amdump to run as anything *but* root, and frankly, as I stated before, I have zero issues allowing it to run that way.

    File perms went back to root, since amdump was running as root, apparently . . .

    I am recompiling with amanda:disk as amanda uid/gid, and will try a run as amanda, and report back what happens.

    - Tim

  3. #13
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    306

    Default

    Ah, sorry I didn't catch that in comment #8.

    Yes, without amanda user being in group disk, it does not have sufficient privilege to read from and to devices.

    Sounds good. Please do mention the success of retyring things after your recompilation.

    Due to files being root:root, I suppose you'll want to

    chown -R amanda:disk /etc/amanda* ~amanda/ /var/log/amanda/ <path_to_holding_disk>

    first too.

    Paul

  4. #14

    Default

    A couple of things actually, but it looks like I am now good (and yes, I did chown the index files, dump files, and config files to amanda:disk first.

    I did the recompile, and then amdump came back claiming it needed to be run as root, and not amanda. I remember this from before, which is probably why I had still been running as root, but I noted that the message was now more detailed - and pointed to the "dumpuser" entry in amanda.conf, which for historical reasons, was still set to "root".

    So, a change of "dumpuser" coupled with the correct recompile, looks like things are good. I'll run a couple of days and report for sure . . .

    - TIm

  5. #15
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    306

    Default

    Ah, I didn't think of "dumpuser". I was trying to think why amdump would be telling you (contrarily) to run as root instead of amanda user.

    Sounds like things are straightened out. Yes, please report back.

    Paul

  6. #16

    Default

    I guess that is one of the reasons I had problems - the documentation, especially concerning initial setup is fragmented and scattered - all the options are explained, but nowhere is there a concise section that explains the interactions and gives an overall view of configuration and installation, and how all the parameters and settings interact. The doc from 2.5.x to 2.6.x was especially unclear about the changes, and pretty much left me feeling that I was on my own to figure out the changes. Dumpuser, for instance. For years, dump has historically been run as root on *nix systems, and there is no mention whatsoever that it needs to be different, or for that matter, that disks need to have group permission to "disk" (dev-mapper on my server still creates devices root:root 640, so I have to correct at boot, and no, it's not udev . . . ).

    So, I suggest that whoever manages the docs have a good, hard, look at the installation section - it would not take too much effort at all to make it a lot clearer . . .
    and I have been professionally in Unix and such for 20+ years - if it gave me trouble, I can't be the only one . . . .

    - Tim

  7. #17
    Join Date
    Aug 2008
    Posts
    184

    Default

    Thanks for your feedback. Please do let us know if you have specific feedback on a particular document. If the fix is on the Amanda wiki, we would be thrilled if you edited some of the pages to make them more useful for system administrators.

    Also, it will be great if you can share more details about your configuration e.g. backup media used, number of clients, size of backups, observed performance etc. This information will be very useful for future Amanda users.

    Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •