Item 1: Read-only mode for file daemon Origin: Richard Tector <rich...@tector.org.uk> Date: 12th Feb 2012 Status:
What: The ability to configure the file daemon to operate in a read-only mode, ie. refuse to run restore jobs. This would ideally be set in the daemon's configuration file, either as a list of 'allowed' job types (Backup/Verify) as a simple read-only knob. Why: In the event of the server running the Bacula Director service being compromised, having distributed file daemons in a read-only mode would stop critical files from being overwritten remotely and so leading to additional system compromises. In the event of a file restore being required, the read-only knob could be flipped locally on a temporary basis. Notes: Whilst the file daemon does have a '-k' option, this is not reliably cross-platform. Additionally it is not always feasible to reduce the privileges of the bacula user and then use file system ACLs to limit write privileges. This feature request obviously does not remove the risk from the file daemon being compromised. Item 2: File daemon directory restrictions Origin: Richard Tector <rich...@tector.org.uk> Date: 12th Feb 2012 Status: What: The ability within the file daemon configuration to restrict which directories can be accessed by a remote Director for backup/restore jobs, etc. Why: A system may have sensitive data on it that does not require backing up with Bacula. These files/directories may be backed up either to a different Director/File daemon or through another method. The ability to set restrictions would reduce the risk of data leakage in the event that the Director is compromised. Notes: As with the former feature request, it is not always feasible or desired to restrict access through the use of file system access controls. Again, this feature would not mitigate against file daemon compromise. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
