This below is a false report. My client ACL was wrong.
Everything else about this problem remains true, just ignore this one
report. The ACL was effective!
On Sat, Aug 19, 2006 at 10:15:53AM -0700, Jo Rhett wrote:
> More problems with restricted consoles:
>
> *restore
> (snipped)
> 2: List Jobs where a given File is saved
> (snipped)
> Select item: (1-12): 2
> Defined Clients:
> Selection is empty!
>
> *restore
> (snipped)
> 5: Select the most recent backup for a client
> (snipped)
> Select item: (1-12): 5
> Defined Clients:
> Selection is empty!
>
> On Sat, Aug 19, 2006 at 10:11:53AM -0700, Jo Rhett wrote:
> > In a previous message, Kern said:
> >
> > From: Kern Sibbald <[EMAIL PROTECTED]>
> > Re: Securing backups from inappropriate restores
> > 2006-08-18 08:11
> >
> > Maybe I am misunderstanding the request, because Bacula has since quite
> > some
> > time had very fine grain control of Client access. There is perhaps some
> > need for improvement of where the user can restore the files so that
> > he/she
> > is not able to clobber other users files, but other than that, as far as I
> > know it all works fine. Restricted Consoles and Bacula Director Access
> > control lists ...
> >
> > So I did some testing using the examples from the documentation and came up
> > with this test of my personal machine:
> >
> > Console {
> > Name = triceratops.lizardarts.com-console
> > Password = "*removed*"
> > JobACL = "triceratops.lizardarts.com"
> > ClientACL = triceratops.lizardarts.com-fd
> > StorageACL = Disk_clients
> > ScheduleACL = *all*
> > PoolACL = clients_Pool
> > FileSetACL = *all*
> > CatalogACL = clientsCatalog
> > CommandACL = restore
> > }
> >
> > This works fine on the surface. I can connect only if the passwords are
> > right. I can only run the commands that are listed in the command acl.
> > If I use the "run" command it immediately goes directly to my one and only
> > backup job. Good so far.
> >
> > But when I try to run a restore, I see the following. Note that none of
> > these jobs are even in the same catalog as this client:
> >
> > *restore
> > Using default Catalog name=svcoloCatalog DB=bacula
> >
> > First you select one or more JobIds that contain files
> > to be restored. You will be presented several methods
> > of specifying the JobIds. Then you will be allowed to
> > select which files from those JobIds are to be restored.
> >
> > To select the JobIds, you have the following choices:
> > 1: List last 20 Jobs run
> > 2: List Jobs where a given File is saved
> > 3: Enter list of comma separated JobIds to select
> > 4: Enter SQL list command
> > 5: Select the most recent backup for a client
> > 6: Select backup for a client before a specified time
> > 7: Enter a list of files to restore
> > 8: Enter a list of files to restore before a specified time
> > 9: Find the JobIds of the most recent backup for a client
> > 10: Find the JobIds for a backup for a client before a specified time
> > 11: Enter a list of directories to restore for found JobIds
> > 12: Cancel
> > Select item: (1-12): 1
> > +-------+-------------+---------------------+----------+----------+----------------+
> > | JobId | Client | StartTime | JobLevel | JobFiles |
> > JobBytes |
> > +-------+-------------+---------------------+----------+----------+----------------+
> > | 209 | arran.sc-fd | 2006-08-18 23:23:51 | I | 990 |
> > 1500058134 |
> > | 208 | scapa.sv-fd | 2006-08-18 23:23:27 | I | 984 |
> > 14002496 |
> > | 205 | backup0-fd | 2006-08-18 23:05:01 | I | 125 |
> > 3977736583 |
> > | 204 | scapa.sv-fd | 2006-08-17 23:20:41 | I | 995 |
> > 13891509 |
> > | 203 | arran.sc-fd | 2006-08-17 23:15:00 | I | 997 |
> > 1490799884 |
> > | 202 | backup0-fd | 2006-08-17 23:05:01 | I | 109 |
> > 3825503971 |
> > | 201 | scapa.sv-fd | 2006-08-16 23:20:30 | I | 980 |
> > 15184019 |
> > | 200 | arran.sc-fd | 2006-08-16 23:14:46 | I | 965 |
> > 1491301373 |
> > | 199 | backup0-fd | 2006-08-16 23:05:01 | I | 110 |
> > 3642618111 |
> > | 198 | scapa.sv-fd | 2006-08-15 23:25:06 | I | 81 | 6980828
> > |
> > | 197 | arran.sc-fd | 2006-08-15 23:20:40 | I | 735 |
> > 1406471071 |
> > | 196 | backup0-fd | 2006-08-15 23:05:01 | I | 89 |
> > 3457565179 |
> > | 195 | scapa.sv-fd | 2006-08-15 14:09:10 | I | 1391 |
> > 662205564 |
> > | 194 | arran.sc-fd | 2006-08-15 13:52:13 | I | 1120 |
> > 1492100696 |
> > | 167 | backup0-fd | 2006-08-15 06:59:25 | I | 144 |
> > 4181466442 |
> > | 166 | scapa.sv-fd | 2006-08-06 13:23:51 | F | 220252 |
> > 5281275263 |
> > | 165 | arran.sc-fd | 2006-08-06 12:28:00 | F | 653659 |
> > 10606103660 |
> > | 164 | backup0-fd | 2006-08-06 12:05:02 | F | 199727 |
> > 4988104804 |
> > | 160 | scapa.sv-fd | 2006-08-06 06:36:01 | I | 42 | 3060330
> > |
> > | 159 | arran.sc-fd | 2006-08-06 06:32:30 | I | 708 |
> > 1266961221 |
> > +-------+-------------+---------------------+----------+----------+----------------+
> >
> >
> > --
> > Jo Rhett
> > senior geek
> > SVcolo : Silicon Valley Colocation
>
> --
> Jo Rhett
> senior geek
> SVcolo : Silicon Valley Colocation
--
Jo Rhett
senior geek
SVcolo : Silicon Valley Colocation
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
