>It seems that amandad, amindexd and amidxtaped all filter accesses
>through the amandahosts file. ...
That's one limit, yes.
>But my understanding is that amandad provides (essentially) remote read
>access to all file systems. ...
With enough work, yes, I suppose that's true.
>I do NOT want to give all amanda clients
>remote read access to the server's file systems! ...
You need the server itself listed to do the normal amdump runs. You only
need clients listed when doing a recovery (and they need to list "root"
rather than the Amanda user). So how about part of the amrecover
procedure is "add this line to ~amanda/.amandahosts" on the server" and
a similar note to yourself to remove it when done (and maybe a separate
cron job/procedure to look for stray entries)?
As an alternative (probably even better), you can protect all three
services with TCP wrappers (which is a good idea anyway) and only allow
amandad from the server.
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
