On installation, app-backup/amanda will install /etc/amanda/amanda-security.conf owned by user amanda and group amanda. This file controls a handful of security related settings for amanda that aren't always used (their usage depends on the exact configuration), but when they are used, Amanda itself refuses to run if the file is writable by anyone but the root user (because the point of having the separate 'amanda' user is privilege separation). As a result, when an Amanda server that is configured in such a way that it needs this file (for example, if some of the clients use bsdudp or bsdtcp authentication), backups start failing after an upgrade unless the file ownership is corrected. Similar issues are encountered on Amanda client systems using custom system commands (for example, pointing to a local wrapper for tar). Given this, I request that the default ownership for the file be changed to root:root, with permissions 644 (it still needs to be readable by the amanda user) to avoid this issue for users of these features when upgrading or rebuilding app-backup/amanda.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95ee4b091e3c6e5e1db342a57b6fdee53b095e8c commit 95ee4b091e3c6e5e1db342a57b6fdee53b095e8c Author: Robin H. Johnson <robbat2@gentoo.org> AuthorDate: 2017-11-13 20:32:41 +0000 Commit: Robin H. Johnson <robbat2@gentoo.org> CommitDate: 2017-11-13 20:45:00 +0000 app-backup/amanda: fix ownership of /etc/amanda/amanda-security.conf Fixes: https://bugs.gentoo.org/637332 Package-Manager: Portage-2.3.8, Repoman-2.3.3 Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> app-backup/amanda/amanda-3.5-r1.ebuild | 9 +++++++++ 1 file changed, 9 insertions(+)
