In a previous message, Kern said:
From: Kern Sibbald <[EMAIL PROTECTED]>
Re: Securing backups from inappropriate restores
2006-08-18 08:11
Maybe I am misunderstanding the request, because Bacula has since quite some
time had very fine grain control of Client access. There is perhaps some
need for improvement of where the user can restore the files so that he/she
is not able to clobber other users files, but other than that, as far as I
know it all works fine. Restricted Consoles and Bacula Director Access
control lists ...
So I did some testing using the examples from the documentation and came up
with this test of my personal machine:
Console {
Name = triceratops.lizardarts.com-console
Password = "*removed*"
JobACL = "triceratops.lizardarts.com"
ClientACL = triceratops.lizardarts.com-fd
StorageACL = Disk_clients
ScheduleACL = *all*
PoolACL = clients_Pool
FileSetACL = *all*
CatalogACL = clientsCatalog
CommandACL = restore
}
This works fine on the surface. I can connect only if the passwords are
right. I can only run the commands that are listed in the command acl.
If I use the "run" command it immediately goes directly to my one and only
backup job. Good so far.
But when I try to run a restore, I see the following. Note that none of
these jobs are even in the same catalog as this client:
*restore
Using default Catalog name=svcoloCatalog DB=bacula
First you select one or more JobIds that contain files
to be restored. You will be presented several methods
of specifying the JobIds. Then you will be allowed to
select which files from those JobIds are to be restored.
To select the JobIds, you have the following choices:
1: List last 20 Jobs run
2: List Jobs where a given File is saved
3: Enter list of comma separated JobIds to select
4: Enter SQL list command
5: Select the most recent backup for a client
6: Select backup for a client before a specified time
7: Enter a list of files to restore
8: Enter a list of files to restore before a specified time
9: Find the JobIds of the most recent backup for a client
10: Find the JobIds for a backup for a client before a specified time
11: Enter a list of directories to restore for found JobIds
12: Cancel
Select item: (1-12): 1
+-------+-------------+---------------------+----------+----------+----------------+
| JobId | Client | StartTime | JobLevel | JobFiles |
JobBytes |
+-------+-------------+---------------------+----------+----------+----------------+
| 209 | arran.sc-fd | 2006-08-18 23:23:51 | I | 990 |
1500058134 |
| 208 | scapa.sv-fd | 2006-08-18 23:23:27 | I | 984 |
14002496 |
| 205 | backup0-fd | 2006-08-18 23:05:01 | I | 125 |
3977736583 |
| 204 | scapa.sv-fd | 2006-08-17 23:20:41 | I | 995 |
13891509 |
| 203 | arran.sc-fd | 2006-08-17 23:15:00 | I | 997 |
1490799884 |
| 202 | backup0-fd | 2006-08-17 23:05:01 | I | 109 |
3825503971 |
| 201 | scapa.sv-fd | 2006-08-16 23:20:30 | I | 980 |
15184019 |
| 200 | arran.sc-fd | 2006-08-16 23:14:46 | I | 965 |
1491301373 |
| 199 | backup0-fd | 2006-08-16 23:05:01 | I | 110 |
3642618111 |
| 198 | scapa.sv-fd | 2006-08-15 23:25:06 | I | 81 | 6980828
|
| 197 | arran.sc-fd | 2006-08-15 23:20:40 | I | 735 |
1406471071 |
| 196 | backup0-fd | 2006-08-15 23:05:01 | I | 89 |
3457565179 |
| 195 | scapa.sv-fd | 2006-08-15 14:09:10 | I | 1391 |
662205564 |
| 194 | arran.sc-fd | 2006-08-15 13:52:13 | I | 1120 |
1492100696 |
| 167 | backup0-fd | 2006-08-15 06:59:25 | I | 144 |
4181466442 |
| 166 | scapa.sv-fd | 2006-08-06 13:23:51 | F | 220252 |
5281275263 |
| 165 | arran.sc-fd | 2006-08-06 12:28:00 | F | 653659 |
10606103660 |
| 164 | backup0-fd | 2006-08-06 12:05:02 | F | 199727 |
4988104804 |
| 160 | scapa.sv-fd | 2006-08-06 06:36:01 | I | 42 | 3060330
|
| 159 | arran.sc-fd | 2006-08-06 06:32:30 | I | 708 |
1266961221 |
+-------+-------------+---------------------+----------+----------+----------------+
--
Jo Rhett
senior geek
SVcolo : Silicon Valley Colocation
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
