Bug 219850

Summary: misc/amanda-server Amanda security.conf must be writable by root only
Product: Ports & Packages Reporter: Ekkehard 'Ekki' Gehm <gehm>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: New ---    
Severity: Affects Many People CC: Trond.Endrestol, fbsd, gert
Priority: --- Keywords: needs-patch
Version: LatestFlags: bugzilla: maintainer-feedback? (fbsd)
Hardware: Any   
OS: Any   

Description Ekkehard 'Ekki' Gehm 2017-06-07 17:52:49 UTC
The security.conf file much more the whole path to it must be writable to root only. The Port defaults it to ${ETCDIR}/security.conf wich is writable by the amanda user. In that case all backups fail on this host after the update.

It should, if at all, reside in /etc or /usr/local/etc as amanda-security.conf or there should be at least a NOTE in /usr/ports/UPDATING and after the install itself.
Comment 1 Gert Doering 2017-06-09 17:40:42 UTC
Indeed.  This is causing much pain here - after upgrade 3.3.6 to 3.3.9, many of my machines fail their backup because /usr/local/etc/ is writable for wheel here (because local requirements need a given user group to be able to atomically replace a config file, read "move file.new file", and we do not want them to use sudo if unix file permissions can handle this perfectly well).

BTW, the path for amanda-client-3.3.9,1 is /usr/local/etc/amanda/security.conf - and the package isn't creating /usr/local/etc/amanda/ at all if only the client is installed.
Comment 2 Tobias Kortkamp freebsd_committer 2019-01-11 13:52:51 UTC
The maintainer seems to be MIA.  Can either of you provide a patch that
fixes this?