On Wednesday 03 October 2018 23:13:06 Nathan Stratton Treadway wrote:
> On Thu, Oct 04, 2018 at 09:07:53 +0700, Olivier wrote:
> > The error message is complaining about the mode of the directory,
> > not about the file. But mode on /usr/local/etc are not for Amanda
> > only, it's a system stuff, so it is not really realistic to change
> > them.
> >
> > So the solution was to move the file to /usr/local/etc/amanda, as
> > suggested by the man, where you can adjust the mode more to Amanda
> > linking.
>
> While trying to figure out the error messages Gene was reporting I
> took a look at the source code that performs this security check [*]
> and found that it specifically checks the ownership and permissions of
> each containing directory all the way up the path. So, in this case,
> if it doesn't like the permissions of /usr/local/etc/, moving it under
> /usr/local/etc/amanda/ won't actually avoid the error message -- it
> will still check /usr/local/etc/ because it's a parent of the
> .../amanda/ directory.
>
> Here's what Jean-Louis wrote on the topic back in Jun 2017:
> The complete path to security.conf must be owned and writable only
> by the root user
> [...]
> That's why it is by default in /etc and not in /etc/amanda which
> must be writable by the amanda user.
>
>
> [*] for what it's worth, it's done in the function
> check_security_file_permission_message_recursive() found in
> common-src/security-file.c
>
> > To do that, I modified the Makefile in FreeBSD port to include the
> > option:
> >
> > --with-security-file=/usr/local/etc/amanda/amanda-security.conf
> >
> > [ In the case of FreeBSDm it was:
> >
> > --with-security-file=${ETCDIR}/amanda/amanda-security.conf
>
> Have you completed the build process with this configure parameter in
> place? (I'm curious to hear if it did work as expected for you.)
No, I've ctl+c'd the script as soon as the not found error is reported in
the configure summary.
Now I wasted another 1.5 hours by makeing the file root:root 0600 and
putting it in /etc. Same damned error from configure, not found. Of
course its not found, configure as it exists, couldn't find its ass with
both hands. The user amanda can see it just fine.
I appreciate that both of you are trying to help, but we're beating a
dead horse here.
>
> Nathan
>
> ----------------------------------------------------------------------
>------ Nathan Stratton Treadway - [email protected] - Mid-Atlantic
> region Ray Ontko & Co. - Software consulting services -
> http://www.ontko.com/ GPG Key:
> http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239 Key
> fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239
Copyright 2018 by Maurice E. Heskett
--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
