On Nov 1, 1999, Rob <capvegat_private> wrote: >> Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls >> /usr/bin/tar and passes all args given to runtar to this program. Tar is > FWIW, runtar does not need to be suid root if the amanda user (defaults to > user "amanda") has read access to the raw disks. Nope, that's true in the case of `rundump', that is only enabled on platforms whose dumb `dump' programs must be run as root. But in the case of `runtar', it needs root permissions because it runs tar and `tar' reads files, not raw disk devices. Most of the issues raised for `runtar' also apply to `rundump', except that `rundump' can't usually be used to create files, only to back them up. But both programs are installed so that only the Amanda group (specified at configure time) can run them, with chmod g+x/chgrp permissions, and only the Amanda user (also specified at configure time) can tell it to actually run tar (getuid() is checked at program start-up). -- Alexandre Oliva http://www.ic.unicamp.br/~oliva IC-Unicamp, Bra[sz]il oliva@{lsd.ic.unicamp.br,guarana.{org,com}} aoliva@{acm,computer}.org oliva@{gnu.org,kaffe.org,{egcs,sourceware}.cygnus.com,samba.org} ** I may forward mail about projects to mailing lists; please use them
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:25 PDT