Bug 1423040
| Summary: | amidxtaped fails when using local authentication with disk-based changer device | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dan Astoorian <djast> | ||||
| Component: | amanda | Assignee: | Josef Ridky <jridky> | ||||
| Status: | CLOSED ERRATA | QA Contact: | David Jež <djez> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.3 | CC: | djast, jridky, ovasik, psklenar, tcerna | ||||
| Target Milestone: | rc | Keywords: | EasyFix, Patch | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | amanda-3.3.3-21.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1427775 (view as bug list) | Environment: | |||||
| Last Closed: | 2018-10-30 11:22:10 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1427775, 1465906 | ||||||
| Attachments: |
|
||||||
May I ask you for test of following amanda version [1] ? This scratch-build should contain fix of described problem. [1] https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=12568176 I cannot test this--I am not a Red Hat employee, and brewweb.engineering.redhat.com appears to be an internal site--it has no public IP address. Does the scratch-build contain the source code fix I described? Created attachment 1252406 [details]
applied patch
applied patch
(In reply to Dan Astoorian from comment #3) > I cannot test this--I am not a Red Hat employee, and > brewweb.engineering.redhat.com appears to be an internal site--it has no > public IP address. > > Does the scratch-build contain the source code fix I described? Yes, this build contains patch from attachment (see comment #4). This issue is even in upstream version (upstream contacted already). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3216 |
Description of problem: Local authentication does not work with Amanda disk-based tape changer; using amrecover with "-o auth=local" fails to restore files. Version-Release number of selected component (if applicable): amanda-3.3.3-17.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Configure Amanda to use a disk-based tape changer; e.g.: define changer mychanger { tapedev "chg-disk:/path/to/dumps" } tapedev "mychanger" 2. Run amrecover DailySet1 -o auth=local and attempt to extract a file from the chg-disk device. 3. Actual results: amrecover reports: Got no header and data from server, check in amidxtaped.*.debug and amandad.*.debug files on server and the amidxtaped.*.debug file under /var/log/amanda/server/DailySet1 reports: amidxtaped: Insecure dependency in unlink while running setgid at /usr/lib64/perl5/vendor_perl/Amanda/Changer/disk.pm line 477. Expected results: The files should be successfully extracted. Additional info: Line 259 of ./amanda-3.3.3/common-src/local-security.c from amanda-3.3.3.tar.gz in the source RPM reads: setregid(uid, gid); Clearly, this should instead be setregid(gid, gid); Because the amandabackup user has uid=33 and gid=6(disk), amandad sets its credentials with gid=33 and egid=6; this triggers the Perl security check when amandad invokes amidxtaped.