I've been trying to enable client restores using amrecover, but
the minimal set of permissions required seems a bit strange.
It seems that amandad, amindexd and amidxtaped all filter accesses
through the amandahosts file. Thus, one entry provides access to
all three.
But my understanding is that amandad provides (essentially) remote read
access to all file systems. I do NOT want to give all amanda clients
remote read access to the server's file systems! (Including cleartext
passwords from /etc/amandapass and other mischief-enabling info.)
But I do want to give them access to amindexd (read-only access to
index files) and amidxtaped (read-only access to the tape drive for
doing restores).
I've implemented the relevant permissions using hosts.allow, but it
seems somewhat mindboggling that amanda was designed this way in the
first place. So I've probably misunderstood something.
Can someone tell me what the real story is?
Thanks!
