Re: setuid question

To: debian-user@lists.debian.org
Subject: Re: setuid question
From: Gene Heskett <gheskett@shentel.net>
Date: Sat, 23 Jan 2021 01:40:42 -0500
Message-id: <[🔎] 202101230140.42245.gheskett@shentel.net>
In-reply-to: <[🔎] fb43f8a8-dfc5-18e0-2bea-353abae71839@holgerdanske.com>
References: <[🔎] 202101221829.25934.gheskett@shentel.net> <[🔎] 8fc19daa-3c3b-a59d-7309-6adbf056c3fe@holgerdanske.com> <[🔎] fb43f8a8-dfc5-18e0-2bea-353abae71839@holgerdanske.com>

On Saturday 23 January 2021 00:23:45 David Christensen wrote:

> On 2021-01-22 15:35, David Christensen wrote:
> > On 2021-01-22 15:29, Gene Heskett wrote:
> >> Greeting all;
> >>
> >> I have a problem, using amanda, locally
> >> built. /usr/local/libexec/amanda/ambind needs to be setuid, but
> >> isn't.
> >>
> >> How or what do I do to fix it?
> >
> > How about chmod(1) as root?
> >
> > # chmod u+s /usr/local/libexec/amanda/ambind
>
> On 2021-01-22 16:09, Gene Heskett wrote:
>  > root@coyote:amanda-3.5.1$  chmod u+s
>  > /usr/local/libexec/amanda/ambind root@coyote:amanda-3.5.1$  su
>  > amanda -c "/usr/local/sbin/amcheck Daily" Amanda Tape Server Host
>  > Check
>  > -----------------------------
>  > ERROR: program /usr/local/libexec/amanda/ambind: not setuid-root
>  > NOTE: Holding disk '/sdb/dumps': 212792 MB disk space available,
>  > using 212292 MB
>  > Searching for label 'Dailys-3':found in slot 3: volume 'Dailys-3'
>  > Will write to volume 'Dailys-3' in slot 3.
>  > NOTE: skipping tape-writable test
>  > Server check took 0.103 seconds
>  > Amanda Backup Client Hosts Check
>  > --------------------------------
>  > ERROR: coyote: selfcheck request failed: ambind: bind failed A:
>  > Permission denied
>  > ERROR: shop: selfcheck request failed: ambind: bind failed A:
>  > Permission denied
>  > ERROR: lathe: selfcheck request failed: ambind: bind failed A:
>  > Permission denied
>  > ERROR: GO704: selfcheck request failed: ambind: bind failed A:
>  > Permission denied
>  > ERROR: rpi4: selfcheck request failed: ambind: bind failed A:
>  > Permission denied
>  > Client check: 5 hosts checked in 11.298 seconds.  5 problems found.
>
> On 2021-01-22 17:39, Gene Heskett wrote:
>  > On Friday 22 January 2021 19:51:36 Larry Martell wrote:
>  >> Try chown root /usr/local/libexec/amanda/ambind
>  >>
>  >> and after that check that the suid bit is still set
>  >
>  > that fixed the ambind, but now have 132 problems with amgtar, no
>
> permission.
>
>  > tried to fix it with the same pill, get
>  > root@coyote:amanda-3.5.1$ ls -lh
>
> /usr/local/libexec/amanda/application/amgtar
>
>  > -rwxr-x--- 1 root disk 158K Jan 22 20:17
>
> /usr/local/libexec/amanda/application/amgtar
>
>  > Which says the setuid bit wasn't set so I reset it:
>  > root@coyote:amanda-3.5.1$ chmod u+s
>
> /usr/local/libexec/amanda/application/amgtar
>
>  > root@coyote:amanda-3.5.1$ ls -lh
>
> /usr/local/libexec/amanda/application/amgtar
>
>  > -rwsr-x--- 1 root disk 158K Jan 22 20:17
>
> /usr/local/libexec/amanda/application/amgtar
>
>  > but still get 132 copys of:
>  > selfcheck (etc does matter): error [exec
>
> /usr/local/libexec/amanda/application/amgtar: Permission denied]
>
>  > when running:su amanda -c "/usr/local/sbin/amcheck Daily"
>  >
>  > Something IMO has been updated in stretch's perl, that has totally
>
> screwed amanda.
>
>
> Sorry I missed the chown(1).  :-(
>
>
> But, building and installing Amanda from source is turning into a
> cluster f***.

That's also why I drive the build with a script so it has a constant set 
of ./configure options, and adding a new line to that set of config 
options that specs --without-ipv6 has turned into a permissions 
cluster-f--k. So as I said, I've been doing this since before there were 
official rpms for redhat-5.0 in 1998.
>
> I assumed you had some compelling reason not to use the official
> packages:
>
> 2021-01-22 21:18:42 dpchrist@tinkywinky ~
> $ cat /etc/debian_version ; uname -a
> 9.13
> Linux tinkywinky 4.9.0-13-amd64 #1 SMP Debian 4.9.228-1 (2020-07-05)
> x86_64 GNU/Linux
>
> 2021-01-22 21:22:07 dpchrist@tinkywinky ~
> $ apt-cache search amanda | grep amanda
> amanda-client - Advanced Maryland Automatic Network Disk Archiver
> (Client) amanda-common - Advanced Maryland Automatic Network Disk
> Archiver (Libs) amanda-server - Advanced Maryland Automatic Network
> Disk Archiver (Server)
>
>
> But, I have had similar experiences building from source and I now
> avoid it like COVID-19.  Perhaps you should just use the Debian
> packages.
>
>
> David


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

Follow-Ups:
- Re: setuid question
  - From: David Christensen <dpchrist@holgerdanske.com>

References:
- setuid question
  - From: Gene Heskett <gheskett@shentel.net>
- Re: setuid question
  - From: David Christensen <dpchrist@holgerdanske.com>
- Re: setuid question
  - From: David Christensen <dpchrist@holgerdanske.com>

Prev by Date: Re: setuid question
Next by Date: Can I remove i386 packages?
Previous by thread: Re: setuid question
Next by thread: Re: setuid question
Index(es):
- Date
- Thread