-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregory Brauer wrote: > > At the end of our weekly cycle I would like to command our loader > to unload any tapes that are in the drive to make for easy tape > swapping. With versions of bacula prior to 1.38 the director > daemon was running as root, so ejecting the tape was a simple > matter of creating a job that ran an "mtx unload" as a RunBeforeJob > rule. Now that bacula-dir is running as the bacula user for > security, the bacula-dir no longer has permission to run mtx > commands directly. I was wondering if there is a way I can command > bacula-sd to eject the tapes on behalf of the director. > > Is there any way to do this? This is not entirely true. I'm not sure what package manager you are using and on what OS, but from source, if you don't specify anything, everything still runs as root.
This leads me to ask -- what does one have to do, when installing from source, to change the way things are done? I know logically, considering the work of the -fd, that it must run with SOME sort of elevated access (perhaps Solaris 10 will help me here), but how can I improve the security on the other daemons? This is the kind of question I'm talking about: A) Does bacula need to run as root to access the tape drive if the permissions on the device are OK? B) Does anything bacula-dir does require it to run as root, or can I safely change this one right away? ...anything I'm not thinking of here? Sorry for the quasi-thread-hijack! - -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEd6K8mb+gadEcsb4RAhd+AKDIzAG4F+iTLqVDx6rFcZIMTCMRTwCg1hf5 Rc8ZSQKZLdY9E4+KHG9+ayY= =79+A -----END PGP SIGNATURE----- _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
