Recently here was some discussion about uid used to run Bacula. Now, I'm trying to make storage daemon to run as user/group bacula. User bacula belongs to group disk (FC4, no SELinux)
Tape drive (Exabyte VXA-2) is /dev/nst0: [EMAIL PROTECTED] dev]# ll nst0 crw-rw---- 1 root disk 9, 128 Jan 7 22:56 nst0 [EMAIL PROTECTED] dev]# ll / | grep dev drwxr-xr-x 9 root root 4860 Jan 12 15:52 dev mtx is world executable: [EMAIL PROTECTED] dev]# ll `which mtx` -rwxr-xr-x 1 root root 20480 Mar 7 2005 /usr/sbin/mtx Anyway, storage daemon still cannot access the tape drive: 18-Jan 11:25 dogbert-sd: BackupCatalog.2006-01-18_11.25.04 Fatal error: dev.c:362 dev.c:356 Unable to open device "Exabyte" (/dev/nst0): ERR=Permission denied 18-Jan 11:25 dogbert-sd: BackupCatalog.2006-01-18_11.25.04 Fatal error: device.c:296 Unable to open device "Exabyte" (/dev/nst0): ERR=dev.c:356 Unable to open device "Exabyte" (/dev/nst0): ERR=Permission denied 18-Jan 11:25 dogbert-fd: BackupCatalog.2006-01-18_11.25.04 Fatal error: job.c:1602 Bad response to Append Data command. Wanted 3000 OK data, got 3903 Error append data Status Storage from console results in: Device status: Device "Exabyte" (/dev/nst0) is not open or does not exist. What else is required before SD can run as non-root? Kern mentions "tape control channel" in his 1.38.4 release message, what is that contol channel? Does it apply only to autochangers (I don't have a one)? btw, Running both SD and director as non-root user/group bacula is certainly a good thing in to start with, but does that still give some unnecessary power (group disk privs to file system...) to the director? Maybe I should consider removing user bacula from group disk, and make SD only to run as user bacula / group disk? -- TiN ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
