Recent Changes - Search:

Help Topics

User Accounts

Additional Help

Staff Docs

  • (Private)

edit SideBar



Amanda Installation on FreeBSD 6.1/i386

University of Delaware

Written by Ryan Bickhart <bickhart at>

Modified by Nasif Ekiz

This document describes the steps taken to install the Amanda network backup client on FreedBSD 6.1 on i386. Note that any commands prefixed by a '%' can be run by any user on the system, while commands prefixed by a '#' must be run as root. The steps listed in this document assume that the client system being configured will be use the EECIS backup infrastructure.

01. Install the Amanda client software:

  # cd /usr/ports/misc/amanda-client
  # make install
  # make clean

02. Create a home directory for user "operator":

  # cd /var
  # mkdir operator
  # chown operator operator/

03. Update the home directory/shell for user "operator" in the system database:

  # pw usermod operator -d /var/operator -s /bin/csh

Doing so will allow remote login as "operator", which is required for backups. Any real shell could be used here (instead of csh) besides /sbin/nologin.

04. Create an SSH directory in the home directory for user "operator":

  # su - operator
  % cd /var/operator
  % mkdir .ssh

Note: the directory should be owned by user "operator" and group "wheel".

05. Obtain the public key for the backup host, from web page.

06. Copy the public key of the backup server you obtained earlier to the known_hosts file in the SSH directory for user "operator". Note that depending on the version of SSH installed on the local machine, this file may actually need to be named known_hosts2. Create both just in case:

  # cp /var/operator/.ssh/known_hosts
  # cp /var/operator/.ssh/known_hosts2
  # chmod 644 /var/operator/.ssh/known_hosts
  # chmod 644 /var/operator/.ssh/known_hosts2

07. Create the .amandahosts access control file in the home directory of user "operator":

  # cd /var/operator
  # su - operator
  % echo " operator" > .amandahosts
  % chmod 600 .amandahosts

The .amandahosts file should have a line for the backup server configuration, listing the remote host and remote user which will be connecting for backups. In our case, the line is simply: operator

08. Verify that raw disk devices are readable by user "operator".

  % ls -l /dev/ad0s*
  crw-r----- 2 root operator 116, 0x00020002 Feb 26 10:08 ad0s1
  crw-r----- 2 root operator 116, 0x00020000 Feb 26 10:08 ad0s1a
  crw-r----- 2 root operator 116, 0x00020001 Feb 26 10:08 ad0s1b
  crw-r----- 2 root operator 116, 0x00020002 Feb 26 10:08 ad0s1c
  crw-r----- 2 root operator 116, 0x00020003 Feb 26 10:08 ad0s1d
  crw-r----- 2 root operator 116, 0x00020004 Feb 26 10:08 ad0s1e
  crw-r----- 2 root operator 116, 0x00020005 Feb 26 10:08 ad0s1f
  crw-r----- 2 root operator 116, 0x00020006 Feb 26 10:08 ad0s1g
  crw-r----- 2 root operator 116, 0x00020007 Feb 26 10:08 ad0s1h

Note that the devices you need to check depend on the disks and slices you want to be able to backup. Basically, anything you want backed up needs to be readable by user "operator".

09. Enable the inetd super server:

  # vi /etc/rc.conf

Add (or modify the existing line to match) the following option:


Reboot or manually run "inetd" as root to start the service.

10. Verify that the following definitions are in /etc/services:

  amanda 10080/udp
  amandaidx 10082/tcp
  amidxtape 10083/tcp

11. Update inetd's configuration to include the Amanda service:

  # vi /etc/inetd.conf

Add the following service:

  amanda dgram udp wait operator /usr/local/libexec/amanda/amandad amandad

12. Verify that /etc/dumpdates is readable and writable by user "operator".

  % ls -l /etc/dumpdates

13. Enable host-based authentication for sshd:

  # vi /etc/ssh/sshd_config

Add/modify/uncomment the following line in the configuration file:

  HostbasedAuthentication yes

Next, save sshd_config and restart the sshd service so the changes take effect:

  # kill -HUP `cat /var/run/`

14. Add the hostname of the backup server, in our case, to the /etc/ssh/shosts.equiv file.

15. Make sure you have restarted the sshd and inetd services. Simply, you can restart the machine for changes to take effect.


To add a comment, click the link below. You are free to contribute anonymously, but it is preferred that you sign your comments with your name. Simply add ~~~~ to the end of your comment to sign it. Regardless of whether you sign your comment, your username will be visible on the History page.
(Add Your Own)

Adding pitch-black to shosts.equiv allows more access than necessary to the client system, which is a concern for some people. Only the operator user needs to be given access. In operator's home directory on the client a line of ' operator' should be added to the .shosts file to allow passwordless logins from the backup server. Other users do not require access (which is what adding to shosts.equiv would allow.

Edit - History - Print - Recent Changes - Search
Page last modified on July 16, 2007, at 02:29 PM