Tom Strickland <[EMAIL PROTECTED]> writes:
> Our system will be run largely without a competent Unix administrator
> on-site. The secretary and one other individual will be responsible
> for tape-changing, cleaning and amrecover for files and directories
> deleted by users.
> My question:
> Some of our files are more confidential and I would like to hide these
> a little: the director's files and the accounts. Is there anyway to
> protect these? It doesn't have to be high grade security, just
> security through obscurity.
Tom,
What about sudo? The recovered files keep owner and permissions. Let
the operator's sudo to the (too powerfull in this case) Amanda user
just for amcheck, amrecover and what else you like. You'll see their
actions in the syslog. The good thing: no password for the Amanda user
has to be given away.
We have set up just our tape changing that way.
Johannes Niess
