Bug 20510 - Amanda 'run-as' user 'operator' can't read own home directory
Summary: Amanda 'run-as' user 'operator' can't read own home directory
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: amanda
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-08 09:40 UTC by Thais Smith
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-11-20 16:28:24 UTC
Embargoed:


Attachments (Terms of Use)

Description Thais Smith 2000-11-08 09:40:01 UTC
When backing up a Red Hat 7 system from another machine, an entry must be made in .amandahosts in the home directory of the user amanda is configured to run as.  As shipped, this user is 'operator', whose home directory is /root, which is owned root.root, mode 750, so the amanda system can't read the .amandahosts file and remote access is always denied.

Workaround: make /root mode 751 and the .amandahosts file mode 644 owned by root, be careful about all other files in /root

Suggested fix: change the amanda package to run as a user 'amanda' or 'amuser'

Note: this requires a rebuild as there are a couple of setuid-root binaries with amanda that check the real UID they were invoked as and refuse to run if this is not correct.

Comment 1 Neal D. Becker 2000-11-20 16:28:21 UTC
Also, amanda runs as user operator, who is a member of group disk.
xinetd broke this.  I needed to add group=disk to xinetd.d/amanda... 
Otherwise access to /dev/hdaxxx and /etc/dumpdates failed with permission
denied.
I think my setup is stock RH.  (My amanda server is currently RH6.2 while the
client is 7.0)


Comment 2 Trond Eivind Glomsrxd 2001-01-31 00:08:51 UTC
All of this should be fixed in amanda-2.4.2-2, coming soon to a Rawhide near you.


Note You need to log in before you can comment on or make changes to this bug.