On Friday 13 April 2007 12:32, MasterBrian wrote: > Hi > > >> I'm not a windows person too, but some files, could not be read by > >> LOCAL-SYSTEM. > > > > Bacula runs as SYSTEM not local system.
> > I repeat, I'm not a windows person, but this is what I found in > user/group configuration and it is LOCAL SYSTEM account. > This is not a flame of course :) There are two standard Win32 User names: "SYSTEM" and "LOCAL SERVICE" that can be easily confused. Bacula runs under SYSTEM. If it is running under something different on your system, then your system is configured differently from the Win32 systems I know, and I don't imagine Bacula will work correctly. It should *not* be running under LOCAL SERVICE because it won't be able to obtain all the permissions it needs. > > > >> If you try to backup some-kind of files created from active directory > >> you are in trouble. > > > > I have never heard of this before and no one, to the best of my knowledge, has > > reported it. In any case, if it is true, then it needs to be reported and > > documented, with possibly a workaround, which I imagine is simply a matter of > > the admin giving the appropriate permissions if they want the files backed > > up. > > It is true :) I can send the log if you wish. If any information could > be of any use please let me know. Make bacula-fd run's with privilege of > "domain admins" or "domain backup operators" or "Local system" never let > me save all the files/folders from AD server. That is quite possibly the case, and probably one of the reasons why I made Bacula run under SYSTEM (that was 5 years ago). > > > As I said above, changing the user under which the FD is installed is not > > something we are going to support. You are on your own -- that is the beauty > > of Open Source -- you can make it work the way you want. > > Yes, and I will like OS also for this. I'm not here to make you change > your mind, just to report my experience with bacula. Sometimes to share > experience with users/developers that use this sw from a lot of time ;-) > > >> This is valid also for the *nix environment, because of privacy/security > >> ecc > > > > On *nix systems the FD runs *only* as root. We do not support any other > > options. This is not a question of security, but what is required by the > > system. The same applies on Win32 to the FD. If you want to run it a > > different way, fine, but you are on your own. > > I'm sorry, maybe I express myself in the wrong way. I really don't want > to tell to bacula's developer what to do and in which way. I'm not the > right person to say that :) > IMHO, running FD with priveleges different from admin, could prevent > some security issues. > > > > > Perhaps you are confusing the FD with the DIR and the SD, which potentially > > can be run under different accounts -- however, that is a different question, > > and it needs to be answered by Robert, who maintains those components (DIR > > and SD). > > > >> ... Excluding/selecting witch file to backup it is NOT the same thing. > > > > I'm not sure what the above sentence means, but in any case, it won't change > > my decision. > > This is the point. Please consider *ipotetically* that bacula-fd win32 > had a pontential bug. Some maliciuous user, able to contact the fd can > in some way, access all files on the machine. > This is the why we are considering changing to use a different user to > make backups. > Same for linux, *nix or whatever else. Running a service, also if it is > hardened, with root/administrator privileges *COULD* be dangerous. > > Expecially in backup environment, that can access so many files, some of > them are vital for the system. We are not backing up only data, but also > pieces of system. > > Btw, I understain that you support only fd that runs with root > privileges, and I like you understain why sometimes this is not possibile. > > Thank you for you support, I appreciate it very much, really :) > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/bacula-users
