Package: amanda-client
Version: 1:3.5.1-2+b2
Severity: normal
File: amanda

Dear Maintainer,

   * What led up to the situation?

     Installing amanda clients on a) Debian 10 (buster) systems
     upgraded from Debian 9 (stretch), and b) installing Debian 10
     fresh.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

     Installed amanda clients, and ran amcheck as usual as a test.

   * What was the outcome of this action?

     Error messages such as:

     picnc / lev 0  FAILED ["security file '/etc/amanda-security.conf' do not allow to run '/usr/bin/tar' as root for 'amgtar:gnutar_path'"]

   * What outcome did you expect instead?

     I expected amcheck to run successfully.

This bug report follows a discussion on the amanda hackers list, starting at 
https://marc.info/?l=amanda-hackers&m=156742521310310&w=2

The short of it is that Gene Heskett and I (and likely others) had encountered 
a misconfiguration in /etc/amanda-security.conf where Debian 10 had been 
freshly installed, but not where it had been upgraded from Debian 9. This is 
because a fresh install does a merger of /usr and some of its sub-directories. 
For more information on that, see 
https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#merged-usr

So we recommend shipping /etc/amanda-security.conf with two lines for 
runtar:gnutar_path, as follows:

runtar:gnutar_path=/usr/bin/tar
runtar:gnutar_path=/bin/tar

This appears to cover both installations, and should be fairly harmless.

For the testing I did with various permutations, see 
https://marc.info/?l=amanda-hackers&m=156754855611097&w=2

I did not test any of the other possible versions of tar (amgtar:gnutar_path, 
etc.).

Thanks to Nathan Stratton Treadway <natha...@ontko.com> for his detective work 
on this.


-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages amanda-client depends on:
ii  amanda-common       1:3.5.1-2+b2
ii  libc6               2.28-10
ii  libcurl4            7.64.0-4
ii  libglib2.0-0        2.58.3-2
ii  libreadline7        7.0-5
ii  libssl1.1           1.1.1c-1
ii  libxml-simple-perl  2.25-1
ii  perl                5.28.1-6

amanda-client recommends no packages.

Versions of packages amanda-client suggests:
pn  dump       <none>
pn  gnuplot    <none>
ii  smbclient  2:4.9.5+dfsg-5+deb10u1

-- Configuration Files:
/etc/amanda-security.conf changed [not included]

-- no debconf information
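
The following is an added example, not part of the bug report above and not Amanda code: a small shell check that tells whether a tar path is listed for a given key in an amanda-security.conf-style file once symlinks such as the merged-/usr /bin -> usr/bin link are resolved. The function names are hypothetical, `readlink -f` from GNU coreutils is assumed, and comparing against the resolved path is an assumption based on the error message quoted in the report.

```shell
#!/bin/sh
# Added example: is a tar binary permitted by an amanda-security.conf-style
# file after symlinks (e.g. merged-/usr: /bin -> usr/bin) are resolved?

# Print every path configured for KEY (e.g. runtar:gnutar_path) in CONF.
# Lines starting with '#' do not match; a key may appear on several lines.
allowed_paths() {
    conf=$1 key=$2
    sed -n "s|^${key}=||p" "$conf"
}

# Return 0 if the canonical form of TAR_PATH is listed for KEY in CONF.
# Assumption: the comparison is made against the symlink-resolved path,
# as the error message in the report suggests.
path_allowed() {
    conf=$1 key=$2 tar_path=$3
    real=$(readlink -f "$tar_path") || return 2
    allowed_paths "$conf" "$key" | grep -Fxq -- "$real"
}

# Report both spellings of the tar path for one key.
report() {
    conf=$1 key=$2
    for p in /bin/tar /usr/bin/tar; do
        if path_allowed "$conf" "$key" "$p"; then
            echo "$key: $p -> $(readlink -f "$p") allowed"
        else
            echo "$key: $p -> $(readlink -f "$p") NOT allowed"
        fi
    done
}

# Usage: sh check.sh /etc/amanda-security.conf runtar:gnutar_path
if [ $# -eq 2 ]; then report "$1" "$2"; fi
```

On a freshly installed Debian 10 system both spellings resolve to /usr/bin/tar, so a file that lists only /bin/tar reports "NOT allowed" for both.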
