Op 20121019 om 18:13 schreef Martin Simmons:
> >>>>> On Wed, 17 Oct 2012 17:24:06 +0200, said:
> >
> > To solve things, I've tried setting ACL's in the Console statement like
> > this:
> >
> > Console {
> > Name = Almond
> > Password = ""
> > ClientACL = Almond
> > StorageACL = Almond_Storage
> > PoolACL = Almond_Pool
> > }
> >
> > But this doesn't work. I thought this would limit the client as defined in
> > Client { Name= Almond.....} to access only the listed storage and pools
> > (which would be great, as almond has it's own reserved pool), but it doesn't
> > do that. I think I may be interpreting the manual the wrong way. I've
> > googled and found several other people asking the same question, but no
> > working answers.
>
> The Console statement in bacula-dir.conf isn't designed to match a named
> Client statement. You need to put a special bconsole.conf on the client, so
> that it uses the Console directive in the bacula-dir.conf.
>
> See the restricted-user examples here:
>
> http://www.bacula.org/5.2.x-manuals/en/main/main/Console_Configuration.html
>
> __Martin
>
To cover the
> > I can even create my own /etc/passwd and /etc/shadow on my own system
> > “pine”,with my passwords for known accounts, make a backup of it,
> > then use the above method to “restore” it to the almond server,
> > thereby disallowing authorized users (as their accounts will be gone)
> > and allowing myself access (as I have all users/passwords).
I want to add
http://www.bacula.org/5.2.x-manuals/en/main/main/New_Features_in_5_0_0.html
to this thread, where
| Read-only File Daemon using capabilities
|
| This feature implements support of keeping ReadAll capabilities
| after UID/GID switch, this allows FD to keep root read but drop write
| permission.
|
| It introduces new bacula-fd option (-k) specifying that ReadAll
| capabilities should be kept after UID/GID switch.
|
| root@localhost:~# bacula-fd -k -u nobody -g nobody
|
| The code for this feature was contributed by our friends at AltLinux.
is said.
Cheers
Geert Stappers
--
http://www.vanadcimplicity.com
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
