Re: setuid question

To: debian-user@lists.debian.org
Subject: Re: setuid question
From: Gene Heskett <gheskett@shentel.net>
Date: Fri, 22 Jan 2021 20:39:31 -0500
Message-id: <[🔎] 202101222039.31427.gheskett@shentel.net>
In-reply-to: <[🔎] CACwCsY7bkM-fB_qjsmDd+O_FN0fyL0HuF=QTLAr=4sU0XedH2A@mail.gmail.com>
References: <[🔎] 202101221829.25934.gheskett@shentel.net> <[🔎] 202101221938.33214.gheskett@shentel.net> <[🔎] CACwCsY7bkM-fB_qjsmDd+O_FN0fyL0HuF=QTLAr=4sU0XedH2A@mail.gmail.com>

On Friday 22 January 2021 19:51:36 Larry Martell wrote:

> On Fri, Jan 22, 2021 at 4:38 PM Gene Heskett <gheskett@shentel.net> wrote:
> > On Friday 22 January 2021 18:36:29 Larry Martell wrote:
> > > On Fri, Jan 22, 2021 at 3:29 PM Gene Heskett
> > > <gheskett@shentel.net>
> >
> > wrote:
> > > > Greeting all;
> > > >
> > > > I have a problem, using amanda, locally
> > > > built. /usr/local/libexec/amanda/ambind needs to be setuid, but
> > > > isn't.
> > > >
> > > > How or what do I do to fix it?
> > >
> > > chmod u+s /usr/local/libexec/amanda/ambind
> >
> > Doesn't fix it Larry
> > root@coyote:amanda-3.5.1$ su amanda -c "/usr/local/sbin/amcheck
> > Daily" Amanda Tape Server Host Check
> > -----------------------------
> > ERROR: program /usr/local/libexec/amanda/ambind: not setuid-root
> > NOTE: Holding disk '/sdb/dumps': 212792 MB disk space available,
> > using 212292 MB
> > Searching for label 'Dailys-3':found in slot 3: volume 'Dailys-3'
> > Will write to volume 'Dailys-3' in slot 3.
> > NOTE: skipping tape-writable test
> > Server check took 0.102 seconds
> > Amanda Backup Client Hosts Check
> > --------------------------------
> > ERROR: coyote: selfcheck request failed: ambind: bind failed A:
> > Permission denied
> > ERROR: shop: selfcheck request failed: ambind: bind failed A:
> > Permission denied
> > ERROR: lathe: selfcheck request failed: ambind: bind failed A:
> > Permission denied
> > ERROR: GO704: selfcheck request failed: ambind: bind failed A:
> > Permission denied
> > ERROR: rpi4: selfcheck request failed: ambind: bind failed A:
> > Permission denied
> > Client check: 5 hosts checked in 11.298 seconds.  5 problems found.
> > (brought to you by Amanda 3.5.1)
> > root@coyote:amanda-3.5.1$ ls -l /usr/local/libexec/amanda/ambind
> > -rwsr-x--- 1 amanda backup 26640 Jan 22
> > 18:46 /usr/local/libexec/amanda/ambind
>
> Try chown root /usr/local/libexec/amanda/ambind
>
> and after that check that the suid bit is still set

that fixed the ambind, but now have 132 problems with amgtar, no permission. 
tried to fix it with the same pill, get
root@coyote:amanda-3.5.1$ ls -lh /usr/local/libexec/amanda/application/amgtar
-rwxr-x--- 1 root disk 158K Jan 22 20:17 /usr/local/libexec/amanda/application/amgtar
Which says the setuid bit wasn't set so I reset it:
root@coyote:amanda-3.5.1$ chmod u+s /usr/local/libexec/amanda/application/amgtar
root@coyote:amanda-3.5.1$ ls -lh /usr/local/libexec/amanda/application/amgtar
-rwsr-x--- 1 root disk 158K Jan 22 20:17 /usr/local/libexec/amanda/application/amgtar
but still get 132 copys of:
selfcheck (etc does matter): error [exec /usr/local/libexec/amanda/application/amgtar: Permission denied]
when running:su amanda -c "/usr/local/sbin/amcheck Daily"

Something IMO has been updated in stretch's perl, that has totally screwed amanda.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

References:
- setuid question
  - From: Gene Heskett <gheskett@shentel.net>
- Re: setuid question
  - From: Gene Heskett <gheskett@shentel.net>
- Re: setuid question
  - From: Larry Martell <larry.martell@gmail.com>

Prev by Date: Re: setuid question
Next by Date: Re: Help me setup home-office hardware with free software
Previous by thread: Re: setuid question
Next by thread: Re: setuid question
Index(es):
- Date
- Thread