On 18.12.2015 18:01, Phil Stracchino wrote: > On 12/18/15 11:56, Kern Sibbald wrote: >> Hello, >> >> If you have hundreds of users with root access and they can access the >> Bacula Director machine as root, you have a far bigger security problem >> than just Bacula, since they can do anything to your machines and the >> Bacula Director machine, and there is no way Bacula could ever avoid it. > This. It is a truism in computer security that once an attacker gains > root privileges, you're done, game over. > >
Well, I do not even talk about attackers (which would be way more worse than my example). I just want to make sure that an mail server administrator (which only has root access on e.g. one single machine) is not able to use Bacula to access backups of database servers holding accounting information. In fact the whole discussion breaks down to a very simple question: / //Is the director password thats stored in the file daemon configuration on a client machine the same password that gains me administrative access to the director using bconsole./ If the answer to this question is "yes" we have a serious problem. If the answer is "no", I completely misunderstood the security concept of Bacula. Cheers, Heri
------------------------------------------------------------------------------
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
