Re: Amanda Security

Thu, 14 Apr 2005 01:19:05 -0700

Greg Troxel wrote: 
d) Can an unauthorized party ask the server to retrieve backups?

I'm not the least bit comfortable with this; I don't run the recover
or indexing daemons.


This part works also using bsd-security.  The .amandahosts file
works both ways.

The .amandahosts file on a client contains the host and username of
amandaserver.  It is usually only one line on most clients:
  server.nowhere.com   amanda

The .amandahosts file on the server contains usually the same line
(because the server is a client of itself too).  And in addition to
this, you can/need add a line for each client that needs to
recover files.  That line usually needs to specify "root" as username,
because you usually want the permissions and owners of files on the
client to be correctly restored too.

Because many of my users do know the local root password, or have
sudo access on their workstation, I have most of those lines
commented out (*) in my .amandahosts file on the server.
The file looks like this:
  server.nowhere.com   amanda
  #client1.nowhere.com  root
  #client2.nowhere.com  root
  #client3.nowhere.com  root

When I need to restore on a client, I can uncomment the necessary line
for a few minutes/hours.

(*) real comments are actually not supported in the syntax of the file.
    The program assumes the hostname is '#client1.nowhere.com'
    which, if you control the DNS access on the server, does not
    match any existing hostname.


--
Paul Bijnens, Xplanation                            Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  [EMAIL PROTECTED]
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit,  ZZ, :q, :q!,  M-Z, ^X^C,  logoff, logout, close, bye,  /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* kill -9 1,  Alt-F4,  Ctrl-Alt-Del,  AltGr-NumLock,  Stop-A,  ...    *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************

Reply via email to