On Tuesday 27 June 2006 20:42, Timo Neuvonen wrote:
> > If you installed from rpms, we initially had a few problems getting
> > all the permissions right to run the SD properly. I believe that it
> > is all straightened out now.
>
> I've always installed from rpms, sometimes I've used downloaded binary
> rpms, sometimes (like when upgrading to 1.38.10-3 today) I've built them by
> myself from source rpm. But installs from rpms anyway.
>
> > There should be a user:group bacula:bacula
>
> So there is.
>
> > Basically, the SD should run as bacula:disk (user:group)
>
> Partial copy-paste from ps's output:
> /usr/sbin/bacula-sd -u bacula -g disk -c /etc/bacula/bacula-sd.conf
> Correct, I guess?
>
> Actually, I think I was somehow messing around while SD's tape drive access
> was debugged a few months ago. It may even have been me who was somehow
> guilty for the idea of running SD as group disk, I think the original
> (non-working) way was something else(*. Anyway, the SD can now access the
> tape drive /dev/nst0:
> crw-rw---- 1 root disk 9
> So this was another issue, not the one of today's.
>
> *) My newer (FC5) system has only user root in group disk, the older FC4
> has also user bacula in group disk (in addition to group bacula). This
> obviously remains from those old days. But both the systems behave in the
> same way, so this shouldn't be a problem now.
> Right now I'm in the middle of problem "tapes don't get labeled" so I leave
> removing bacula from group disk to a little bit later time. And I'm afraid
> I'll need to open another thread tomorrow about this labeling issue...
>
> > /var/bacula should be root:bacula
>
> It is.
>
> > and the user bacula should be in group bacula.
>
> It is.
>
> > With that, I think everyone has the correct permissions. I am not very
>
> good
>
> > at all this user:group stuff, so if anyone has other ideas, please say
> > so.
>
> I have the idea I don't believe in the correctness yet.
>
> At least a process running as bacula:disk (SD, mtx-changer) can't write
> into /var/bacula.
>
> The difference is, tape drive is root:disk, the directory is root:bacula.
> And the process is bacula:disk, it can access the tape but not the
> directory...
> - user bacula != user root (who owns the directory)
> - group disk != group bacula (who has group ownership of the directory)
>
> For the idea of fixing this... My first guess: how about changing the
> directory owner from root to bacula? That is, to bacula:bacula
> Is there spesific need it must be owned by root?
You can change it to bacula:bacula and I don't think it will cause any
problems. However, as long as the user bacula is in the group bacula and the
bacula group has write permission on /var/bacula, it should all work fine.
>
>
> There must be a lot of users running autochangers. How they do this? Run SD
> as root? Have changed the temporary file to /tmp directory maybe? The
> latter would solve the mtx-changer problem, but it still wouldn't allow
> writing /var/bacula/bacula-sd.9103.state This file obviously isn't very
> important, since at least I've done several succesful backups and restores
> without this file being updated properly.
>
If the SD cannot write in /var/bacula, you will not be able to do most
restores ... and you may have other problems as well.
--
Best regards,
Kern
(">
/\
V_V
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
