Re: [Bacula-users] restricted consoles doesn't limit restores?

Sat, 19 Aug 2006 11:53:35 -0700 

On Sat, 19 Aug 2006, Jo Rhett wrote:

> In a previous message, Kern said:
>  Maybe I am misunderstanding the request, because Bacula has since quite some
>  time had very fine grain control of Client access.  There is perhaps some
>  need for improvement of where the user can restore the files so that he/she
>  is not able to clobber other users files, but other than that, as far as I
>  know it all works fine.  Restricted Consoles and Bacula Director Access
>  control lists ...
>
> So I did some testing using the examples from the documentation 
> and came up with this test of my personal machine:
>
> Console {
>        Name = triceratops.lizardarts.com-console
>        Password = "*removed*"
>        JobACL = "triceratops.lizardarts.com"
>        ClientACL = triceratops.lizardarts.com-fd
>        StorageACL = Disk_clients
>        ScheduleACL = *all*
>        PoolACL = clients_Pool
>        FileSetACL = *all*
>        CatalogACL = clientsCatalog
>        CommandACL = restore
> }
>
> This works fine on the surface.  I can connect only if the 
> passwords are right.  I can only run the commands that are listed 
> in the command acl. If I use the "run" command it immediately goes 
> directly to my one and only backup job. Good so far.
>
> But when I try to run a restore, I see the following.  Note that 
> none of these jobs are even in the same catalog as this client:

Have you tried setting the FileSetACL to only the FileSet for that 
particular client, instead of *all*?

I set the FileSetACL to only the FileSet for that particular client, 
and that is the only one visible from the restricted client.

    -- Michael

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to