I'm attempting to create console resource in bacula-dir.conf that would allow client to restore its own files to itself only (so basically, no access to anything else, no any kind of access that would affect other clients, and so on).
What I did was something like this: Console { Name = zlurad-con Password = "some-long-password-here" ClientACL = zlurad-fd JobACL = RestoreFiles CommandACL = restore,quit StorageACL = *all* PoolACL = *all* FileSetACL = *all* } Then in bconsole.conf on the client, I did something like: Director { Name = zlurad-con # or should I use becky-dir here? DIRport = 9101 address = becky.milivojevic.org Password = "xxxxx" } Console { Name = zlurad-con Password = "some-long-password-here" } Question to "those that know much more than me", is this secure and tight enough? I was a bit lazy with specifying storage, pool and fileset ACLs. My guess is using *all* for those shouldn't hurt since I already limited things using ClientACL directive, and console can't issue any commands such as "list" that would reveal resources not associated with that client. Am I right with my assumption? BTW, it seems I can't exit from console unless CommandACL contains "quit" command ;-) ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users