Re: [Bacula-users] Changing tapes without console interaction.

Fri, 24 Jun 2005 07:32:12 -0700 

Frank,

sorry, but that's not exactly right, everybody in group
operator has tape access:

crw-rw----  1 root  operator  229,   1 Jun 23 01:41 /dev/nsa0.0

user bacula is in group operator and bacula-sd runs as
bacula:operator. bacula-dir runs as bacula:bacula.

Therefore there is no need to run bconsole as root
(least privilege principle). It is enough to run
it as user bacula and do a "newgrp operator; mt offl" to
eject the tape. Alternatively one could change the group of
bconsole from wheel to operator (not bacula)  and do the
newgrp  before accessing bconsole. Either way the director
would be able to call itself ;-)

Thanks for the sudo hint, but i would prefer not to run
bconsole as root if possible.


-- Attila

Frank Altpeter wrote:

2005/6/24, Attila Fülöp <[EMAIL PROTECTED]>:


The problem is, the FreeBSD Port installs bconsole with
754 (rwxr-xr--) root:wheel and the director fails to execute
it since it runs as user+group bacula. Same problem with
bconsole.conf and (gnome|wx)-console.

Is this a bacula "feature" or something the FreeBSD port
maintainer did? I would think its reasonable to change both
files to be owned by group bacula. I will contact the port
maintainer in case it's his part.

Alternatively, is there another way to achieve above
functionality?



Don't know if above makes sense, and it doesn't seem to come from the
port configuration - however, usually you don't have access to the
tape drive as non-root anyway...
So, i think the best way to archive your expected results is to run
sudo in your scripts, e.g. make it

echo "mount CertanceDrive" | sudo /usr/local/sbin/bconsole -c
/usr/local/etc/bconsole.conf
echo "umount CertanceDrive" | sudo /usr/local/sbin/bconsole -c
/usr/local/etc/bconsole.conf

and configure your sudoers file accordingly.






-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to