>>>>> On Wed, 26 May 2010 22:37:50 +0200, Kern Sibbald said: > > On Wednesday 26 May 2010 16:43:34 Marc Schiffbauer wrote: > > Hi all, > > > > as referring to bug #1532 bacula by default installs the bacula > > administration GUI with permissions so that only root can execute > > it. > > > > Why? > > > > I do not see any reason why I should not use bat as normal user (or > > bconsole). > > > > For example I always used to use "bat -c ~/.bacula/bat.conf" to run > > bat as normal user from my workstation to control the bacula-dir > > running on the backup server. > > > > This is always more secure than running the whole app as user root. > > We try to install Bacula by default in a reasonably secure way. Since bat by > default can get to *all* files, it is not appropriate for us to allow all > users to access it.
The config file and its password controls access much better than this. Using file permissions to protect something that is freely available from other sources makes no sense to me. > If you need it executable from a user account (I do), then it is up to you to > modify the permissions. The extra time it takes you to make the change is > trivial, in my opinion, to the potential damage that could be done by > installing it open by default. The time taken to change it isn't the problem -- it is the time taken to understand the implications of changing it. Encouraging people to work around security by using chmod is a really bad idea. __Martin ------------------------------------------------------------------------------ _______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
