The security.conf file much more the whole path to it must be writable to root only. The Port defaults it to ${ETCDIR}/security.conf wich is writable by the amanda user. In that case all backups fail on this host after the update. It should, if at all, reside in /etc or /usr/local/etc as amanda-security.conf or there should be at least a NOTE in /usr/ports/UPDATING and after the install itself.
Indeed. This is causing much pain here - after upgrade 3.3.6 to 3.3.9, many of my machines fail their backup because /usr/local/etc/ is writable for wheel here (because local requirements need a given user group to be able to atomically replace a config file, read "move file.new file", and we do not want them to use sudo if unix file permissions can handle this perfectly well). BTW, the path for amanda-client-3.3.9,1 is /usr/local/etc/amanda/security.conf - and the package isn't creating /usr/local/etc/amanda/ at all if only the client is installed.
The maintainer seems to be MIA. Can either of you provide a patch that fixes this?
As of now, the file is installed as -rw-r--r-- 1 root wheel 2037 Feb 16 16:37 /usr/local/etc/amanda/amanda-security.conf so the problem seems to be gone.