Crontab For Amanda Enterprise Gets "Permission Denied"?

Hey all,

I know there are a million threads and blog posts and docs about cron, and I’ve spent about 5 solid hours tonight reading through every one trying to find the solution to my problem.

I’m configuring Amanda Enterprise on an OpenSuSE 11.3 system, and everything but the scheduled backups are running. I decided to try and fix it tonight, but I’m pretty fed up by now.

So here’s the background:

  • The application creates an account on the box named “amandabackup” and adds it to the ‘video’ and ‘disk’ groups.
  • It generates cron jobs in /etc/zmanda/zmc_aee/crontab, which is configured as the location of the crontab file for the amandabackup user.
  • the crontab is owned by amandabackup:disk with a mask of 644.

So I played around with it a little bit; I ran the backup task manually as amandabackup, which worked fine. I then tried adding the following to the crontab:

          • /bin/date > /tmp/amandacron.log

and touched amandacron.log, then made sure it was owned by amandabackup with a mask of 644 (i also tried /etc/amanda/amandacron.log, which is a directory the account stores backup session configs in, so I know it can write to it properly). The file is never updated. I tried adding amandabackup to different groups (it’s currently been added to the “Users” group), with no success. I tried a symlink to the crontab file in /etc/cron.d to see if that would make a difference, but it didn’t. At this point, I went online and tried some more stuff I found:

  • I checked /var/log/mail/amandabackup - everything but cron jobs were reporting to it.

  • I verified cron was running with both “ps -ef | grep cron” and “rccron status”

  • I ensured /var/spool/cron/tabs/amandabackup existed, showed the proper entries, and was set to 644.

  • (this one’s the important bit)I checked /var/log/messages, and every minute on the dot I see: <timestamp> /usr/sbin/cron[PID]: Permission Denied

  • I ensured there was no /etc/cron.allow, and that /etc/cron.deny did not contain amandabackup.

  • I tried making an /etc/cron.allow, adding amandabackup, and restarting the cron daemon, but this did nothing.

So… yeah. I don’t think I’ve forgotten anything, but my attempts have been getting progressively more feverish, so I’m not positive. Is there some annoying YAST cron panel I’m not seeing? Is there some way of getting more verbose logging out of the cron daemon than just “permission denied”? Is there some draconian rule about crontabs only working based on some otherwise-arbitrary account setting? If anyone has any ideas, I’d really appreciate it.

Thanks in advance

-Nick F.

Got it.

The problem was to do with how the amandabackup user was configured in /etc/shadow.

The entry looked like:


but a forum conversation here: ISPConfig 3 latest SVN problems - HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials discusses a problem which showed up in 11.3 where service accounts with a password hash of “!” cannot authenticate to the system properly. so I changed the entry to:


and it works fine.