Re: setuid question

To: debian-user@lists.debian.org
Subject: Re: setuid question
From: Gene Heskett <gheskett@shentel.net>
Date: Fri, 22 Jan 2021 19:38:33 -0500
Message-id: <[🔎] 202101221938.33214.gheskett@shentel.net>
In-reply-to: <[🔎] CACwCsY6MdvmmWtr4bNosx-N4JrXdEYwDCftO8_Rk4=AYhN-yOg@mail.gmail.com>
References: <[🔎] 202101221829.25934.gheskett@shentel.net> <[🔎] CACwCsY6MdvmmWtr4bNosx-N4JrXdEYwDCftO8_Rk4=AYhN-yOg@mail.gmail.com>

On Friday 22 January 2021 18:36:29 Larry Martell wrote:

> On Fri, Jan 22, 2021 at 3:29 PM Gene Heskett <gheskett@shentel.net> 
wrote:
> > Greeting all;
> >
> > I have a problem, using amanda, locally
> > built. /usr/local/libexec/amanda/ambind needs to be setuid, but
> > isn't.
> >
> > How or what do I do to fix it?
>
> chmod u+s /usr/local/libexec/amanda/ambind
Doesn't fix it Larry
root@coyote:amanda-3.5.1$ su amanda -c "/usr/local/sbin/amcheck Daily"
Amanda Tape Server Host Check
-----------------------------
ERROR: program /usr/local/libexec/amanda/ambind: not setuid-root
NOTE: Holding disk '/sdb/dumps': 212792 MB disk space available, using 
212292 MB
Searching for label 'Dailys-3':found in slot 3: volume 'Dailys-3'
Will write to volume 'Dailys-3' in slot 3.
NOTE: skipping tape-writable test
Server check took 0.102 seconds
Amanda Backup Client Hosts Check
--------------------------------
ERROR: coyote: selfcheck request failed: ambind: bind failed A: 
Permission denied
ERROR: shop: selfcheck request failed: ambind: bind failed A: Permission 
denied
ERROR: lathe: selfcheck request failed: ambind: bind failed A: Permission 
denied
ERROR: GO704: selfcheck request failed: ambind: bind failed A: Permission 
denied
ERROR: rpi4: selfcheck request failed: ambind: bind failed A: Permission 
denied
Client check: 5 hosts checked in 11.298 seconds.  5 problems found.
(brought to you by Amanda 3.5.1)
root@coyote:amanda-3.5.1$ ls -l /usr/local/libexec/amanda/ambind
-rwsr-x--- 1 amanda backup 26640 Jan 22 
18:46 /usr/local/libexec/amanda/ambind

A simple make install, after making it as amanda has always Just Worked 
for about 15 years before now. The build has been driven by this script 
for about that many years also, with one recent addition to 
the ./configure arguments, as follows:

root@coyote:amanda-3.5.1$ cat gh.cf
#!/bin/sh
# since I'm always forgetting to su amanda...
if [ `whoami` != 'amanda' ]; then
        echo
        echo "!!!!!!!!!!!!!!!!!! Warning !!!!!!!!!!!!!!!!!!!"
        echo "Amanda needs to be configured and built by the"
        echo "user amanda, but must be installed by user root."
        echo
        exit 1
fi
make clean
rm -f config.status config.cache
./configure --with-user=amanda \
        --with-group=disk \
        --with-owner=amanda \
        --with-gnu-ld \
        --prefix=/usr/local/ \
        --with-debugging=/tmp/amanda-dbg/ \
        --with-tape-server=coyote \
        --with-bsdtcp-security --with-amandahosts \
        --with-configdir=/usr/local/etc/amanda \
        --enable-manpage-build  \
        --with-readline \
        --without-ipv6 \ <-most recent addition
        --with-gnutar=/bin/tar
echo "sleeping for reading configures warnings"
echo "a make as amanda will continue after 75 seconds..."
sleep 75
make

Thanks Larry.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

Follow-Ups:
- Re: setuid question
  - From: Larry Martell <larry.martell@gmail.com>

References:
- setuid question
  - From: Gene Heskett <gheskett@shentel.net>
- Re: setuid question
  - From: Larry Martell <larry.martell@gmail.com>

Prev by Date: Re: setuid question
Next by Date: Re: setuid question
Previous by thread: Re: setuid question
Next by thread: Re: setuid question
Index(es):
- Date
- Thread