Your message dated Tue, 16 Oct 2018 19:34:15 +0000
with message-id <[email protected]>
and subject line Bug#910927: fixed in bacula 9.2.1-3
has caused the Debian Bug report #910927,
regarding bacula-sd.service should specify SupplementaryGroups=bacula
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
910927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910927
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bacula-sd
Version: 7.4.4+dfsg-6
There is a difference in behaviour between the SystemV init script,
/etc/init.d/bacula-sd, and its systemd counterpart. The former starts
/usr/sbin/bacula-sd as root with command-line arguments to specify the
uid and gid to run as, while in the latter systemd starts the daemon
with User=bacula and Group=tape. This difference has an impact on the
running daemon's supplementary group list: in the SystemV case this
includes group bacula, but not in the systemd case.
This can lead to problems when switching from SystemV to systemd (e.g.,
on upgrade from jessie to stretch) if the administrator has chosen to
rely on membership in group bacula for access control. One scenario where
this will occur is if bacula-sd is configured to use TLS credentials and
the secret key is owned by root:bacula and not readable by others. (One
may want the daemon to only have read access to the key, and group tape
may have other members who should not have access.)
Adding /etc/systemd/system/bacula-sd.service.d/groups.conf with
[Service]
SupplementaryGroups=bacula
has been verified to cure the symptoms. I suggest including this setting
in /lib/systemd/system/bacula-sd.service .
--- End Message ---
--- Begin Message ---
Source: bacula
Source-Version: 9.2.1-3
We believe that the bug you reported is fixed in the latest version of
bacula, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Leonhardt <[email protected]> (supplier of updated bacula package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Oct 2018 09:43:28 +0200
Source: bacula
Binary: bacula bacula-common bacula-common-sqlite3 bacula-common-pgsql
bacula-common-mysql bacula-director bacula-director-sqlite3
bacula-director-mysql bacula-director-pgsql bacula-client bacula-fd
bacula-server bacula-sd bacula-bscan bacula-console bacula-console-qt
bacula-director-common
Architecture: source
Version: 9.2.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Bacula Team <[email protected]>
Changed-By: Carsten Leonhardt <[email protected]>
Description:
bacula - network backup service - metapackage
bacula-bscan - network backup service - bscan tool
bacula-client - network backup service - client metapackage
bacula-common - network backup service - common support files
bacula-common-mysql - network backup service - MySQL common files
bacula-common-pgsql - network backup service - PostgreSQL common files
bacula-common-sqlite3 - network backup service - SQLite v3 common files
bacula-console - network backup service - text console
bacula-console-qt - network backup service - Bacula Administration Tool
bacula-director - network backup service - Director daemon
bacula-director-common - transitional package
bacula-director-mysql - network backup service - MySQL storage for Director
bacula-director-pgsql - network backup service - PostgreSQL storage for
Director
bacula-director-sqlite3 - network backup service - SQLite 3 storage for
Director
bacula-fd - network backup service - file daemon
bacula-sd - network backup service - storage daemon
bacula-server - network backup service - server metapackage
Closes: 910927
Changes:
bacula (9.2.1-3) unstable; urgency=medium
.
[ Sven Hartge ]
* Add SupplementaryGroups to bacula-sd systemd unit to allow it
to read files owned by root:bacula, for example TLS keys.
Thanks Sergio Gelato for spotting this. (Closes: #910927)
.
[ Carsten Leonhardt ]
* Install upstream release notes as "NEWS", conform with standards
version 4.2.1.
Checksums-Sha1:
08476fc2bfd98cfd793317dde275d448f4f27122 3500 bacula_9.2.1-3.dsc
23cc91d89a5c5a5f575f2721fbc199f2b5cb25ab 73992 bacula_9.2.1-3.debian.tar.xz
04744657195403bd10d6d2191f8b039a5c178f63 10936 bacula_9.2.1-3_source.buildinfo
Checksums-Sha256:
2d0fb5b793f620f049cc165817e3053332720e2e7526b5fae2ea730778dc87ec 3500
bacula_9.2.1-3.dsc
8dc2513b8b5df41772ffde9b376756c560fd81d4ca961a960b42b78bf18197c2 73992
bacula_9.2.1-3.debian.tar.xz
45b4cdd43c08f437c1ee15af86b6b746de496a574ea15c31fa58863b60c40af6 10936
bacula_9.2.1-3_source.buildinfo
Files:
e28494f68f75aa44b123b43468bc650b 3500 admin optional bacula_9.2.1-3.dsc
907f4dabf50271253e8cd3477ef6d054 73992 admin optional
bacula_9.2.1-3.debian.tar.xz
e5efe03a8fb7f212da0ab7b5e1f80eb3 10936 admin optional
bacula_9.2.1-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEETxO/995XSygF6EUmKrIctfbulV4FAlvGPNAPHGxlb0BkZWJp
YW4ub3JnAAoJECqyHLX27pVeOQYQANQt2O7kDCtdb0LXR6frhwhAde8mvR/YPcs3
7f5NW1XcKWCMCfUE1p1OzhOFjuC3AFHKvaOD1H7k0MrM8t4PXWfGyTzwR+RBymOU
8rFpGhyB/NxUczQVaNk8hrnjWcnBC1K1lhfjYWAe/AqyYiqWuLt/2M7uOuR9BNmH
dlrRy56GSsxxnGle6zXdBieDeZthJw4EcDXyCOoWeyvKs4XZig1an4LZFblPwzCg
ZiyjGLs0PgLdT7k1uzk9JjiomcnGfqMzWdbAbRkFXmsF8h2L19UdffQYBjvn1E/m
jWu13kNVF9xAPPLXBFonKdPi23f6/34Nc8Gpu2ToVqrEQGu1ewldlbgPesyEAzgJ
6qdkOnH8air5jgy2MHRPR2a6um/sR+1KPErK+eOgCIyY4snGvj1n8xAfUA5B5VNw
aRl10lj8gWfVYct3a75fH7i6jE4a7N+jnRUKiM6/dXC/uJuKEmw/JCwCSEcDH23S
XrHwEK0JAB2A+oUgEnX1gJ+zNwO/9vQwa20wDgnSCAc+dMDo1CbuOOhwsCwigKm9
0hMTJCQvHfU82y7N/vSZHZdVODgS6TjM2MWA/YSq6v3XSikptmCIBdHjAZ9b3awq
6j76+RY4M3/ahN0MAN1tnglQeoZx+jRlIdmFYcdygbL5P//VXHgcEXfrpDkDLhmL
jCUIPKdZ
=IabM
-----END PGP SIGNATURE-----
--- End Message ---
