Amanda problem

From: Niall O Broin (niall@magicgoeshere.com)
Date: Wed Mar 12 2003 - 06:12:25 EST


I have a problem with Amanda which has me stumped, though I'm posting here
rather than to the Amanda list because as will become clear, the problem is
with Solaris rather than Amanda per se. My Amanda server is a Linux box
backing up a mix of Linux and Solaris clients. One of the developers realised
the other day that there was some important data on a filesystem on a Solaris
box which was not being backed up. "No problem", I said, "I'll just add it
into the Amanda list now" and to be extra paranoid, I kicked off the nightly
backup a couple of hours earlier.

Some time later, in comes the email, and the filesystem has, to my annoyance,
NOT been backed up. A little investigation and I come up with an Amanda debug
file which tells me

DUMP: Cannot open dump device `/dev/rdsk/c0t0d0s6': Permission denied

which is fair enough, but why ?

amanda does backups using a specific user (NOT root), usually called amanda,
which has appropriate rights on the client system to backup disks. On this
2.5.1 box, amanda is a member of groups root and sys. The root file system on
this box, which is on /dev/dsk/c0t0d0s0, is happily backed up by amanda.
Details of permissions are as follows :

bash-2.04$ ls -l /dev/rdsk/c0t0d0s[06]
lrwxrwxrwx 1 root root 50 Mar 22 2001 /dev/rdsk/c0t0d0s0 -> ../../devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:a,raw
lrwxrwxrwx 1 root root 50 Mar 22 2001 /dev/rdsk/c0t0d0s6 -> ../../devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:g,raw

bash-2.04$ ls -l /devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:[ag]
brw------- 1 root sys 141, 0 Mar 22 2001 /devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:a
brw------- 1 root sys 141, 6 Mar 22 2001 /devices/pci@1f,0/pci@1,1/ide@3/dad@0,0:g

bash-2.04$ ls -l /usr/sbin/ufsdump
lrwxrwxrwx 1 root root 21 Mar 22 2001 /usr/sbin/ufsdump -> ../lib/fs/ufs/ufsdump
bash-2.04$ ls -l /usr/lib/fs/ufs/ufsdump
-r-sr-sr-x 1 root tty 158288 Sep 2 1999 /usr/lib/fs/ufs/ufsdump

and this leads to two different questions:

Why is /usr/lib/fs/ufs/ufsdump a setuid AND setgid executable ? Filesystem
dumping should be a privileged activity, only to be carried out by users with
appropriate permissions. This is in fact the case, as joe user can't dump a
filesystem, so presumably /usr/lib/fs/ufs/ufsdump is doing its own checks
against the real UID, but I'm wondering why it just does not run as an
ordinary executable, letting the invoking user's permissions take care of
matters ? I am, I suppose, missing something trivial there. I do imagine that
ufsdump has to do some permission twiddling because the permissions above
show that the amanda user has NO read permission on either of the disks, yet
she can happily backup /dev/rdsk/c0t0d0s0.

Why can't amanda backup /dev/rdsk/c0t0d0s6 when she can backup
/dev/rdsk/c0t0d0s0 ? There's no visible difference in permissions.

Kindest regards,

Niall O Broin
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
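
Added example, not part of the original post: a shell function that follows a /dev/rdsk symlink to the node it points at and reports which permission class (owner, group or other) applies to a given uid and group list, and whether that class has the read bit. The name can_read_node and the placeholder ids in the usage comment are assumptions; only classic mode bits are evaluated.

```shell
#!/bin/sh
# can_read_node PATH UID "GID GID ..."   (hypothetical helper, added example)
# Prints the permission class that applies to UID and the listed groups on
# the node PATH resolves to. Returns 0 if that class has the read bit,
# 1 if it does not, 2 if the node cannot be listed.
# Classic mode bits only: ACLs are ignored and uid 0 is not special-cased.
# Usage with the paths from the post (ids are placeholders to fill in):
#   can_read_node /dev/rdsk/c0t0d0s6 <amanda-uid> "<root-gid> <sys-gid>"
can_read_node() {
    crn_uid=$2
    crn_gids=$3
    # -L follows the /dev/rdsk -> /devices symlink, -n prints numeric ids,
    # -d keeps ls from descending if PATH is a directory.
    crn_line=$(ls -lnLd "$1" 2>/dev/null) || return 2
    set -- $crn_line
    crn_mode=$1 crn_owner=$3 crn_group=$4

    # Exactly one class applies: owner first, then group, then other.
    # A matching owner never falls through to the group or other bits.
    if [ "$crn_uid" = "$crn_owner" ]; then
        crn_class=owner crn_pat='?r*'
    else
        crn_class=other crn_pat='???????r*'
        for crn_g in $crn_gids; do
            if [ "$crn_g" = "$crn_group" ]; then
                crn_class=group crn_pat='????r*'
                break
            fi
        done
    fi

    echo "$crn_class"
    # The mode string is e.g. brw-------; test the read column of the class.
    case $crn_mode in
        $crn_pat) return 0 ;;
        *)        return 1 ;;
    esac
}
```

Running it once with the backup user's own uid and once with the uid a setuid binary would run as shows which identity the mode bits on each node are actually being checked against.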


