I use bat on my workstation to control my bacula server. For that purpose you can run bat as non-root user if you have your own config file like that: /usr/sbin/bat -c ~/.bacula/bat.conf This worked with the 5.0.1 ebuild, but does not anymore with the 5.0.2 ebuild because some libs are only accessible by the root user: mschiff@bart ~ $ ls -l /usr/lib/libbaccfg-5.0.1.so /usr/lib/libbac-5.0.1.so -rwxr-x--- 1 root root 301952 26. Mai 11:18 /usr/lib/libbac-5.0.1.so -rwxr-x--- 1 root root 31856 26. Mai 11:18 /usr/lib/libbaccfg-5.0.1.so mschiff@bart ~ $ please make those libs 0755 instead of 0750 When I chmod 0755 those two libs it works as expected.
emerge --info Portage 2.2_rc67 (default/linux/amd64/10.0/desktop, gcc-4.4.3, glibc-2.11.1-r0, 2.6.34-gentoo x86_64) ================================================================= System uname: Linux-2.6.34-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T7300_@_2.00GHz-with-gentoo-2.0.1 Timestamp of tree: Tue, 25 May 2010 11:15:02 +0000 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 4.1_p7 dev-java/java-config: 2.1.11 dev-lang/python: 2.6.5-r2, 3.1.2-r3 dev-util/ccache: 2.4-r8 dev-util/cmake: 2.8.1-r1 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.6.1-r1 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.13, 2.65 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.3-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.33 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA Q3AEULA PUEL dlj-1.1 skype-eula googleearth" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -Os -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib64/tomoyo/conf /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo" CXXFLAGS="-march=core2 -Os -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--keep-going --load-average=3.0" FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo/ http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo" LANG="C" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="de" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/vmware /var/lib/layman/sunrise /var/lib/layman/kde /var/lib/layman/qting-edge /var/lib/layman/kde-sunset /var/lib/layman/roslin /var/lib/layman/enlightenment /usr/local/portage/local" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="X a52 aac aalib acl acpi adns akonadi alsa amd64 ao audiofile bacula-clientonly bacula-console bash-completion berkdb bluetooth branding bzip2 cairo caps cdda cddb cdr cli consolekit cracklib crypt css cups curl cxx dbus device-mapper dhclient disk-partition dri dts dvd dvdr emboss encode exif fam ffmpeg firefox flac fortran gdbm geolocation gif gimp glibc-omitfp google-gadgets gpm gtk hal iconv id3tag ieee1394 ipod jpeg kde kipi l7filter lame laptop lcms ldap libnotify lm_sensors logrotate loop-aes lzo mad mikmod mjpeg mmap mmx mmxext mng modules mp3 mp4 mpeg mudflap multilib musicbrainz mysql ncurses networkmanager nls nptl nptlonly nsplugin ntp ogg openexr opengl openmp pam pango pcmcia pcre pdf perl phonon png policykit postgres ppds pppd python qt3support qt4 readline reflection rss samba sdl semantic-desktop session smapi smp sndfile spell spl sse sse2 ssl ssse3 startup-notification svg sysfs tcpd threads thumbnail tiff truetype unicode usb utempter vcd vim-syntax vnc vorbis webkit wifi x264 xattr xcb xcomposite xinerama xml xorg xscreensaver xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
The default permissions gets changed upstream in 5.0.2. Please see the discussion in http://bugs.bacula.org/view.php?id=1532 esp. the second comment. As a suggestion: You can always call bat or bconsole via sudo.
(In reply to comment #2) > The default permissions gets changed upstream in 5.0.2. Please see the > discussion in http://bugs.bacula.org/view.php?id=1532 esp. the second comment. > > As a suggestion: You can always call bat or bconsole via sudo. > Thanks for the upstream bugreport. Oh well, they force the user to call their binaries as root and then call it "better security". Thats really weired. I really would appreciate if you would fix that in gentoo at least. Why should executing bat as root be more secure than calling it as a user???
As bacula is a 'system wide' backup solution and not a 'user wide' I can see their point to request to be root or enabled by root to control the backup process, have insight into files backed up from other users, restore them and so on. I know that they have a second line of defense with the passwords in the config files, but I will not change these behaviour. Sorry!
