dumpdates-path
fix-amserverconfig-path
+amandabackup-hard-coded
# Use /etc/amanda/pgpassfile for authentication credentials
# (Note: for PostgreSQL 8.0.x, you must use PG-PASSWORD instead)
# Should contain an appropriate line for foo (below).Example:
-# localhost:*:*:amandabackup:my_backup_password
+# localhost:*:*:backup:my_backup_password
# The file must be owned by the Amanda user with permissions 0600
property "PG-PASSFILE" "/etc/amanda/pgpassfile"
property "foo-PG-HOST" "localhost"
# Connect to port 5432 (PostgreSQL's default)
property "foo-PG-PORT" "5432"
-# Connect as user amandabackup (Note: must be a superuser)
-property "foo-PG-USER" "amandabackup"
+# Connect as user backup (Note: must be a superuser)
+property "foo-PG-USER" "backup"
# Connect to database template1 (exists by default)
property "foo-PG-DB" "template1"
# Database's data directory
-#amanda stream tcp nowait amandabackup @amlibexecdir@/amandad -auth=bsdtcp amdump
-amanda stream tcp nowait amandabackup @amlibexecdir@/amandad amandad -auth=bsdtcp amdump
+#amanda stream tcp nowait backup @amlibexecdir@/amandad -auth=bsdtcp amdump
+amanda stream tcp nowait backup @amlibexecdir@/amandad amandad -auth=bsdtcp amdump
-amanda stream tcp nowait amandabackup @amlibexecdir@/amandad amandad -auth=bsdtcp amdump amindexd amidxtaped
+amanda stream tcp nowait backup @amlibexecdir@/amandad amandad -auth=bsdtcp amdump amindexd amidxtaped
socket_type = stream
protocol = tcp
wait = no
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = @amlibexecdir@/amandad
socket_type = stream
protocol = tcp
wait = no
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = @amlibexecdir@/amandad
'plugin' => '"script-email"',
'execute-on' => 'pre-host-backup, post-host-backup',
'execute-where' => 'client',
- 'property' => '"mailto" "amandabackup" "amanda"',
+ 'property' => '"mailto" "backup" "amanda"',
]);
$testconf->add_device('my_device', [
'comment' => '"my device is mine, not yours"',
planner: HAVE_MMAP NEED_STRSTR HAVE_SYSVSHM AMFLOCK_POSIX AMFLOCK_LOCKF
planner: AMFLOCK_LNLOCK SETPGRP_VOID ASSERTIONS AMANDA_DEBUG_DAYS=4
planner: BSD_SECURITY RSH_SECURITY USE_AMANDAHOSTS
-planner: CLIENT_LOGIN="amandabackup" CHECK_USERID HAVE_GZIP
+planner: CLIENT_LOGIN="backup" CHECK_USERID HAVE_GZIP
planner: COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
planner: COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"
READING CONF INFO...
.PP
\fBamaddclient\fR
-must be run by user amandabackup\&.
+must be run by user backup\&.
.PP
\-\-config, \-\-client and \-\-diskdev must be specified\&.
.SH "OPTIONS"
.PP
\fB/var/lib/amanda\fR
.RS 4
-amandabackup home directory
+backup home directory
.RE
.PP
\fB/var/lib/amanda/\&.amandahosts\fR
.PP
When Amanda is built, a username is specified with the
\fB\-\-with\-user\fR
-option\&. Most Amanda processes run under this user\*(Aqs identity, to minimize security risks\&. In binary distributions, this username is usually one of \*(Aqamanda\*(Aq, \*(Aqamandabackup\*(Aq, or \*(Aqbackup\*(Aq\&. The examples below use \*(Aqamandabackup\*(Aq since it is unambiguous\&. You may need to adjust accordingly for your system\&.
+option\&. Most Amanda processes run under this user\*(Aqs identity, to minimize security risks\&. In binary distributions, this username is usually one of \*(Aqamanda\*(Aq, \*(Aqbackup\*(Aq, or \*(Aqbackup\*(Aq\&. The examples below use \*(Aqbackup\*(Aq since it is unambiguous\&. You may need to adjust accordingly for your system\&.
.SS "Authenticated Peer Hostnames"
.PP
Amanda\*(Aqs authentication mechanisms provide an authenticated hostname of the system on the other end of the connection, which is used to restrict access to only particular hosts\&. The degree of "authentication" performed on this hostname varies with the authentication mechanism, and is discussed below\&.
(which is equivalent to
\fBamdump\fR)\&.
.PP
-Example of the \&.amandahosts file on an Amanda client, where \*(Aqamandabackup\*(Aq is the Amanda dumpuser\&.
+Example of the \&.amandahosts file on an Amanda client, where \*(Aqbackup\*(Aq is the Amanda dumpuser\&.
.sp
.nf
- \fBamandaserver\&.example\&.com amandabackup amdump\fR
+ \fBamandaserver\&.example\&.com backup amdump\fR
.fi
.PP
Example of the \&.amandahosts file on an Amanda server
The authentication is done using \&.amandahosts files in the Amanda user\*(Aqs home directory\&. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by the UDP packet size\&. It uses one TCP port to establish the connection and multiplexes all data streams using one port on the server (see PORT USAGE below)\&.
.SS "bsdtcp communication and authentication"
.PP
-The authentication is done using \&.amandahosts files in the backup user\*(Aqs (for example: amandabackup) home directory\&. It uses TCP protocol between Amanda server and client\&. On the client, two reserved ports are used\&. On the server, all data streams are multiplexed to one port (see PORT USAGE below)\&.
+The authentication is done using \&.amandahosts files in the backup user\*(Aqs (for example: backup) home directory\&. It uses TCP protocol between Amanda server and client\&. On the client, two reserved ports are used\&. On the server, all data streams are multiplexed to one port (see PORT USAGE below)\&.
.SS "USING INETD SERVER"
.PP
Template for Amanda client inetd service entry
.PP
Client example of using
\fBbsd\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda dgram udp wait amandabackup /path/to/amandad amandad \-auth=bsd amdump\fR
+\fB amanda dgram udp wait backup /path/to/amandad amandad \-auth=bsd amdump\fR
.fi
.PP
The same could be used for
.PP
Client example of using
\fBbsdtcp\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda stream tcp nowait amandabackup /path/to/amandad amandad \-auth=bsdtcp amdump\fR
+\fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump\fR
.fi
.PP
\fBamindexd\fR
.PP
Server example of using
\fBbsdtcp\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda stream tcp nowait amandabackup /path/to/amandad amandad \-auth=bsdtcp amdump amindexd amidxtaped\fR
+\fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump amindexd amidxtaped\fR
.fi
.PP
For Amanda version 2\&.5\&.0 and earlier, remember that neither
Example of amindexd and amidxtaped Amanda daemon services configured as their own network services for a 2\&.5\&.0 or earlier server or a newer server having 2\&.5\&.0 or earlier clients
.sp
.nf
-\fB amandaidx stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amindexd amindexd\fR
-\fB amidxtape stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amidxtaped amidxtaped\fR
+\fB amandaidx stream tcp nowait backup /usr/local/libexec/amanda/current/amindexd amindexd\fR
+\fB amidxtape stream tcp nowait backup /usr/local/libexec/amanda/current/amidxtaped amidxtaped\fR
.fi
.SS "USING XINETD SERVER"
.PP
.PP
Client example of using
\fBbsd\fR
-authorization for xinetd server and for Amanda user "amandabackup":
+authorization for xinetd server and for Amanda user "backup":
.sp
.nf
service amanda
socket_type = dgram
protocol = udp
wait = yes
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
.PP
Client example of using
\fBbsdtcp\fR
-authorization for xinetd server and for Amanda user "amandabackup":
+authorization for xinetd server and for Amanda user "backup":
.sp
.nf
service amanda
socket_type = stream
protocol = tcp
wait = no
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
define dumptype rsh_example {
\&.\&.\&.
auth "rsh"
- client\-username "amandabackup"
+ client\-username "backup"
amandad\-path "/usr/lib/exec/amandad"
\&.\&.\&.
}
Enable SSH authentication and set the \fBssh\-keys\fR option in all DLEs for that host by adding the following to the DLE itself or to the corresponding dumptype in amanda\&.conf:
auth "ssh"
- ssh\-keys "/home/amandabackup/\&.ssh/id_rsa_amdump"
+ ssh\-keys "/home/backup/\&.ssh/id_rsa_amdump"
\fBssh\-keys\fR is the path to the private key on the client\&. If the username to which Amanda should connect is different from the default, then you should also add
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) (heinrichh@duesseldorf\&.de)"
-Real name: amandabackup
+Real name: backup
Email address:
-Comment: gpg keys for amandabackup
+Comment: gpg keys for backup
You selected this USER\-ID:
- "amandabackup (gpg keys for amandabackup)"
+ "backup (gpg keys for backup)"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key\&.
public and secret key created and signed\&.
key marked as ultimately trusted\&.
-pub 1024D/4417A8CB 2006\-02\-07 amandabackup (gpg keys for amandabackup)
+pub 1024D/4417A8CB 2006\-02\-07 backup (gpg keys for backup)
Key fingerprint = 139C 6369 44FC 7F1A 655C E5E9 7EAA 515A 4417 A8CB
sub 1024g/8C3A6A78 2006\-02\-07 [expires: 2006\-08\-06]
.fi
\fBamserverconfig\fR
does not change existing Amanda configurations\&.
\fBamserverconfig\fR
-must be run by user amandabackup\&.
+must be run by user backup\&.
.SH "OPTIONS"
.PP
Options may be abbreviated, as long as the abbreviation is not ambiguous\&. Option argument can either separated by \*(Aq=\*(Aq or a space\&. Example: \-\-templ=harddisk \-\-tapedev /dev/nst0
.sp
If tape\-changer is chosen for this option, program mtx is required\&.
\fBamserverconfig\fR
-will search for mtx in the following directory: "/usr/sbin", "/usr/local/sbin", "/usr/local/bin", "/usr/bin", "/bin" and amandabackup\*(Aqs PATH\&.
+will search for mtx in the following directory: "/usr/sbin", "/usr/local/sbin", "/usr/local/bin", "/usr/bin", "/bin" and backup\*(Aqs PATH\&.
.sp
If harddisk is chosen and \-\-no\-vtape is not specified,
\fBamserverconfig\fR
.PP
\fB\-\-mailto mailto\fR
.RS 4
-A space separated list of recipients for mail reports\&. default [amandabackup]
+A space separated list of recipients for mail reports\&. default [backup]
.RE
.PP
\fB\-\-dumpcycle dumpcycle\fR
.PP
\fB/var/lib/amanda\fR
.RS 4
-amandabackup home directory
+backup home directory
.RE
.PP
\fB/var/lib/amanda/gnutar\-lists\fR
\fBdiskdevice\fR
in the disklist (DLE) must be the directory to backup\&.
.PP
-Solaris 10 supports Role Based Access Control(RBAC) which is enabled by default\&. To run backup operations using sun tar utility by under privileged user like amandabackup, amandabackup user need to have proper roles and profiles, specially "Media Backup" profile/role\&. This can be done using \*(Aqusermod \-P "Media Backup" amandabackup\*(Aq command\&.
+Solaris 10 supports Role Based Access Control(RBAC) which is enabled by default\&. To run backup operations using sun tar utility by under privileged user like backup, backup user need to have proper roles and profiles, specially "Media Backup" profile/role\&. This can be done using \*(Aqusermod \-P "Media Backup" backup\*(Aq command\&.
.SH "PROPERTIES"
.PP
This section lists the properties that control amsuntar\*(Aqs functionality\&. See
(See <refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum> and
<refentrytitle>ssh-add</refentrytitle><manvolnum>1</manvolnum> for detail.)</para>
<para>
-&amaddclient; must be run by user amandabackup.</para>
+&amaddclient; must be run by user backup.</para>
<para> --config, --client and --diskdev must be specified.
</para>
</refsect1>
<varlistentry>
<term><option>/var/lib/amanda</option></term>
<listitem>
-<para>amandabackup home directory</para>
+<para>backup home directory</para>
</listitem>
</varlistentry>
<option>--with-user</option> option. Most Amanda processes run under
this user's identity, to minimize security risks. In binary
distributions, this username is usually one of 'amanda',
-'amandabackup', or 'backup'. The examples below use 'amandabackup'
+'backup', or 'backup'. The examples below use 'backup'
since it is unambiguous. You may need to adjust accordingly for your
system.</para>
<para>If service is omitted, it defaults to <emphasis remap='B'>noop selfcheck sendsize sendbackup</emphasis> (which is equivalent to <emphasis remap='B'>amdump</emphasis>).</para>
- <para>Example of the .amandahosts file on an Amanda client, where 'amandabackup' is the Amanda dumpuser.
+ <para>Example of the .amandahosts file on an Amanda client, where 'backup' is the Amanda dumpuser.
<programlisting>
- <emphasis remap='B'>amandaserver.example.com amandabackup amdump</emphasis>
+ <emphasis remap='B'>amandaserver.example.com backup amdump</emphasis>
</programlisting>
</para>
</refsect2>
<refsect2><title>bsdtcp communication and authentication</title>
- <para>The authentication is done using .amandahosts files in the backup user's (for example: amandabackup) home directory. It uses TCP protocol between Amanda server and client. On the client, two reserved ports are used. On the server, all data streams are multiplexed to one port (see PORT USAGE below).</para>
+ <para>The authentication is done using .amandahosts files in the backup user's (for example: backup) home directory. It uses TCP protocol between Amanda server and client. On the client, two reserved ports are used. On the server, all data streams are multiplexed to one port (see PORT USAGE below).</para>
</refsect2>
<refsect2><title>USING INETD SERVER</title>
<emphasis remap='I'> service_name</emphasis> <emphasis remap='I'>socket_type</emphasis> <emphasis remap='I'>protocol</emphasis> <emphasis remap='I'>wait/nowait</emphasis> <emphasis remap='I'>amanda_backup_user</emphasis> <emphasis remap='I'>absolute_path_to_amandad</emphasis> amandad <emphasis remap='I'>server_args</emphasis>
</programlisting>
</para>
- <para>Client example of using <emphasis remap='B'>bsd</emphasis> authorization for inetd server given Amanda user is "amandabackup":
+ <para>Client example of using <emphasis remap='B'>bsd</emphasis> authorization for inetd server given Amanda user is "backup":
<programlisting>
-<emphasis remap='B'> amanda dgram udp wait amandabackup /path/to/amandad amandad -auth=bsd amdump</emphasis>
+<emphasis remap='B'> amanda dgram udp wait backup /path/to/amandad amandad -auth=bsd amdump</emphasis>
</programlisting>
</para>
<para>The same could be used for <emphasis remap='B'>bsdudp</emphasis> if specifying -auth=bsdudp instead of -auth=bsd.</para>
- <para>Client example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for inetd server given Amanda user is "amandabackup":
+ <para>Client example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for inetd server given Amanda user is "backup":
<programlisting>
-<emphasis remap='B'> amanda stream tcp nowait amandabackup /path/to/amandad amandad -auth=bsdtcp amdump</emphasis>
+<emphasis remap='B'> amanda stream tcp nowait backup /path/to/amandad amandad -auth=bsdtcp amdump</emphasis>
</programlisting>
</para>
<para><emphasis remap='B'>amindexd</emphasis> and <emphasis remap='B'>amidxtaped</emphasis> would typically be added at the end of the line as &amandad; server arguments for an Amanda server.</para>
- <para>Server example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for inetd server given Amanda user is "amandabackup":
+ <para>Server example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for inetd server given Amanda user is "backup":
<programlisting>
-<emphasis remap='B'> amanda stream tcp nowait amandabackup /path/to/amandad amandad -auth=bsdtcp amdump amindexd amidxtaped</emphasis>
+<emphasis remap='B'> amanda stream tcp nowait backup /path/to/amandad amandad -auth=bsdtcp amdump amindexd amidxtaped</emphasis>
</programlisting>
</para>
<para>For Amanda version 2.5.0 and earlier, remember that neither <emphasis remap='B'>bsdudp</emphasis> nor <emphasis remap='B'>bsdtcp</emphasis> are supported and the Amanda daemon &amandad; accepts no arguments. Because of the latter, &amrecover; as of Amanda version 2.5.1 is not compatible with 2.5.0 and earlier servers. Thus, servers that are 2.5.0 or earlier must, in addition to the <emphasis remap='I'>amanda</emphasis> service, run <emphasis remap='I'>amindexd</emphasis> and <emphasis remap='I'>amidxtaped</emphasis> Amanda services as their own network services, amandaidx and amidxtape, respectively (see below).</para>
<para>Example of amindexd and amidxtaped Amanda daemon services configured as their own network services for a 2.5.0 or earlier server or a newer server having 2.5.0 or earlier clients
<programlisting>
-<emphasis remap='B'> amandaidx stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amindexd amindexd</emphasis>
-<emphasis remap='B'> amidxtape stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amidxtaped amidxtaped</emphasis>
+<emphasis remap='B'> amandaidx stream tcp nowait backup /usr/local/libexec/amanda/current/amindexd amindexd</emphasis>
+<emphasis remap='B'> amidxtape stream tcp nowait backup /usr/local/libexec/amanda/current/amidxtaped amidxtaped</emphasis>
</programlisting>
</para>
</refsect2>
</programlisting>
</para>
<para>The <emphasis remap='I'>only_from</emphasis> parameter can be used with xinetd but is usually in addition to the primary form of access control via the .amandahosts file.</para>
- <para>Client example of using <emphasis remap='B'>bsd</emphasis> authorization for xinetd server and for Amanda user "amandabackup":
+ <para>Client example of using <emphasis remap='B'>bsd</emphasis> authorization for xinetd server and for Amanda user "backup":
<programlisting>
service amanda
socket_type = dgram
protocol = udp
wait = yes
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
</programlisting>
</para>
<para>The same could be used for <emphasis remap='B'>bsdudp</emphasis> if specifying -auth=bsdudp instead of -auth=bsd.</para>
- <para>Client example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for xinetd server and for Amanda user "amandabackup":
+ <para>Client example of using <emphasis remap='B'>bsdtcp</emphasis> authorization for xinetd server and for Amanda user "backup":
<programlisting>
service amanda
socket_type = stream
protocol = tcp
wait = no
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
define dumptype rsh_example {
...
auth "rsh"
- client-username "amandabackup"
+ client-username "backup"
amandad-path "/usr/lib/exec/amandad"
...
}
Enable SSH authentication and set the <amkeyword>ssh-keys</amkeyword> option in all DLEs for that host by adding the following to the DLE itself or to the corresponding dumptype in amanda.conf:
auth "ssh"
- ssh-keys "/home/amandabackup/.ssh/id_rsa_amdump"
+ ssh-keys "/home/backup/.ssh/id_rsa_amdump"
<amkeyword>ssh-keys</amkeyword> is the path to the private key on the client. If the username to which Amanda should connect is different from the default, then you should also add
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) (heinrichh@duesseldorf.de)"
-Real name: amandabackup
+Real name: backup
Email address:
-Comment: gpg keys for amandabackup
+Comment: gpg keys for backup
You selected this USER-ID:
- "amandabackup (gpg keys for amandabackup)"
+ "backup (gpg keys for backup)"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
public and secret key created and signed.
key marked as ultimately trusted.
-pub 1024D/4417A8CB 2006-02-07 amandabackup (gpg keys for amandabackup)
+pub 1024D/4417A8CB 2006-02-07 backup (gpg keys for backup)
Key fingerprint = 139C 6369 44FC 7F1A 655C E5E9 7EAA 515A 4417 A8CB
sub 1024g/8C3A6A78 2006-02-07 [expires: 2006-08-06]
It will create /var/lib/amanda/guntar-lists directory if one does
not exist.
&amserverconfig; does not change existing Amanda configurations.
-&amserverconfig; must be run by user amandabackup.
+&amserverconfig; must be run by user backup.
</para>
</refsect1>
</para>
<para>If tape-changer is chosen for this option, program mtx is required. &amserverconfig; will
search for mtx in the following directory: "/usr/sbin", "/usr/local/sbin",
-"/usr/local/bin", "/usr/bin", "/bin" and amandabackup's PATH.
+"/usr/local/bin", "/usr/bin", "/bin" and backup's PATH.
</para>
<para>
If harddisk is chosen and --no-vtape is not specified, &amserverconfig; will create and label virtual tape
<varlistentry>
<term><option>--mailto mailto</option></term>
<listitem>
-<para> A space separated list of recipients for mail reports. default [amandabackup] </para>
+<para> A space separated list of recipients for mail reports. default [backup] </para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>/var/lib/amanda</option></term>
<listitem>
-<para>amandabackup home directory</para>
+<para>backup home directory</para>
</listitem>
</varlistentry>
<para>Solaris 10 supports Role Based Access Control(RBAC) which is enabled
by default. To run backup operations using sun tar utility by under
-privileged user like amandabackup, amandabackup user need to have proper
+privileged user like backup, backup user need to have proper
roles and profiles, specially "Media Backup" profile/role. This can be done
-using 'usermod -P "Media Backup" amandabackup' command.</para>
+using 'usermod -P "Media Backup" backup' command.</para>
</refsect1>