On 9/6/2013 10:31 AM, Steve Lee wrote:
*Hi
My head of security just raised a concern about use of bacula and the
client-run-before-job feature which allows a user with access to the
bacula-director server to run any command as root on any client to
which the director is configured to connect.
Has anyone else come accross this issue and come up with a solution?*
Others have mentioned that only an administrator should have bacula-dir
access to prevent both running commands on the client and restoring
arbitrary files to the client. Consider also that a user with bacula-dir
access can "restore" the client's files from normal backups to a
location other than the client, and so has access to all of the client's
files in a fashion not easily detectable. As always, normal users should
not have access, yet someone (sysadmin) must have access and so must be
trusted.
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
