Bug 219850 - misc/amanda-server Amanda security.conf must be writable by root only
Summary: misc/amanda-server Amanda security.conf must be writable by root only
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: FreeBSD Ports Bugs (Mailing List)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-07 17:52 UTC by gehm
Modified: 2017-06-09 17:40 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (fbsd)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description gehm 2017-06-07 17:52:49 UTC
The security.conf file much more the whole path to it must be writable to root only. The Port defaults it to ${ETCDIR}/security.conf wich is writable by the amanda user. In that case all backups fail on this host after the update.

It should, if at all, reside in /etc or /usr/local/etc as amanda-security.conf or there should be at least a NOTE in /usr/ports/UPDATING and after the install itself.
Comment 1 Gert Doering 2017-06-09 17:40:42 UTC
Indeed.  This is causing much pain here - after upgrade 3.3.6 to 3.3.9, many of my machines fail their backup because /usr/local/etc/ is writable for wheel here (because local requirements need a given user group to be able to atomically replace a config file, read "move file.new file", and we do not want them to use sudo if unix file permissions can handle this perfectly well).

BTW, the path for amanda-client-3.3.9,1 is /usr/local/etc/amanda/security.conf - and the package isn't creating /usr/local/etc/amanda/ at all if only the client is installed.