Hello Alan,

I am pretty much aware of the console resource, it is not used for the anonymous console which provides administrative privileges. Therefore you can't limit access to any data with this as long as you are not able to turn off the anonymous console.

Cheers,
Heri



On 18.12.15 at 15:30, Alan Brown wrote:

tl;dr: RTFM

Bacula Enterprise has full restricted-user controls, if desired.

i.e.: User X can only access a subset of backups, user Y can only access a different subset.

That's also there in community version 7.2 - see section 20.4 of the main reference manual.


HOWEVER: In a network with "hundreds of hosts", you really should be taking enterprise support and not trying to cut corners by using the community version.


On 18/12/15 13:36, H. Steuer wrote:
Hello,

our current understanding of the Bacula security model is that it is not possible to disable the anonymous aka default console. This leads to the fact that all users having root access to one of the clients do have access to all data that was backed up by Bacula.
In a network with hundreds of hosts, it is very likely that there are users with root access on one or the other machine. Mail server admins have to manage their systems, web server admins manage theirs. But simply installing bconsole and accessing the director with the anonymous console enables each of them to fully access the backup of all machines. This means that if a user has root access to one client, he has kind of full access to all backed up hosts.

Hopefully there is something that I misunderstood, as this makes all firewalls and ACL controls in a network useless if Bacula really opens up the gates in that way.

Thanks for enlightening me.

Cheers,
Heri




_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users



--
PATRONAS

PATRONAS Financial Systems GmbH
Schnewlinstr. 4
79098 Freiburg

fon +49 (0)761 400688-11
fax +49 (0)761 400688-61

ste...@patronas.com
http://www.patronas.com
PGP: C9753519

commercial register: Amtsgericht Freiburg, HRB 7212
executive board: Heribert Steuer, Carsten Osswald
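
The restricted console Alan Brown points to is set up with ACL directives on a named Console resource in the Director's configuration, paired with a Console resource of the same name in the user's bconsole.conf. The fragment below is an added illustration, not part of the original thread and not copied from the poster's setup; every resource name, address, password placeholder and path in it is made up. It covers only the named console and does not change the default (anonymous) console that the thread is about.

```conf
# --- bacula-dir.conf (on the Director) ---
# Named console for the mail server admins (hypothetical names throughout).
# Anything not listed in an ACL is not available to this console.
Console {
  Name = mailadmin-console
  Password = "REPLACE_WITH_UNIQUE_SECRET"   # placeholder, one secret per console
  JobACL = "mail01-backup", "mail01-restore"
  ClientACL = mail01-fd
  StorageACL = File1
  PoolACL = mail-pool
  FileSetACL = "mail01-fileset"
  CatalogACL = MyCatalog
  ScheduleACL = *all*
  CommandACL = run, restore, status, list, messages
  WhereACL = "/var/tmp/bacula-restores"      # only allowed restore target
}

# --- bconsole.conf (on the mail admin's machine) ---
Director {
  Name = backup-dir                          # hypothetical Director name
  DIRport = 9101
  Address = backup.example.org               # hypothetical address
  Password = "placeholder"                   # assumed placeholder, NOT the Director's own password
}
Console {
  Name = mailadmin-console                   # must match the Director side
  Password = "REPLACE_WITH_UNIQUE_SECRET"
}
```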