I'm attempting to create a console resource in bacula-dir.conf that would allow
a client to restore its own files to itself only (so basically, no access to
anything else, no access of any kind that would affect other clients, and so
on).

What I did was something like this:

Console {
  Name = zlurad-con
  Password = "some-long-password-here"
  ClientACL = zlurad-fd
  JobACL = RestoreFiles
  CommandACL = restore,quit
  StorageACL = *all*
  PoolACL = *all*
  FileSetACL = *all*
}

Then in bconsole.conf on the client, I did something like:

Director {
  Name = zlurad-con # or should I use becky-dir here?
  DIRport = 9101
  address = becky.milivojevic.org
  Password = "xxxxx"
}
Console {
  Name = zlurad-con
  Password = "some-long-password-here"
}

Question to "those that know much more than me": is this secure and tight
enough?

I was a bit lazy with specifying storage, pool and fileset ACLs.  My guess is
using *all* for those shouldn't hurt since I already limited things using
the ClientACL directive, and the console can't issue any commands such as "list"
that would reveal resources not associated with that client.  Am I right with my
assumption?

BTW, it seems I can't exit from the console unless CommandACL contains the "quit"
command ;-)

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
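
An added example (not part of the original post and not Bacula project code): a small Python audit that parses Console resources written in the layout shown above and separates the ACL directives set to *all* from those with explicit values, so the broad grants are visible at review time. The function names and the embedded sample are constructed for illustration, and the parser assumes one directive per line.

```python
import re

# Constructed sample: the Console resource as posted above.
SAMPLE_DIR_CONF = '''
Console {
  Name = zlurad-con
  Password = "some-long-password-here"
  ClientACL = zlurad-fd
  JobACL = RestoreFiles
  CommandACL = restore,quit
  StorageACL = *all*
  PoolACL = *all*
  FileSetACL = *all*
}
'''

def parse_consoles(text):
    """Return {console name: {directive: [values]}} for each Console block.

    Handles only the simple one-directive-per-line layout used in the post
    (no nested braces, no include files, no semicolon-separated directives).
    """
    consoles = {}
    for body in re.findall(r'^\s*Console\s*\{(.*?)^\s*\}', text, re.S | re.M | re.I):
        directives = {}
        for line in body.splitlines():
            line = line.split('#', 1)[0].strip()   # drop trailing comments
            if '=' not in line:
                continue
            key, value = (part.strip() for part in line.split('=', 1))
            values = [v.strip().strip('"') for v in value.split(',') if v.strip()]
            # Bacula directive names are case-insensitive and ignore spaces
            directives.setdefault(key.replace(' ', '').lower(), []).extend(values)
        consoles[directives.get('name', ['?'])[0]] = directives
    return consoles

def audit_console(directives):
    """Split a console's ACL directives into wildcard and explicit lists."""
    acls = {k: v for k, v in directives.items() if k.endswith('acl')}
    wildcard = sorted(k for k, v in acls.items() if '*all*' in (x.lower() for x in v))
    explicit = {k: v for k, v in acls.items() if k not in wildcard}
    return wildcard, explicit

if __name__ == '__main__':
    for name, d in parse_consoles(SAMPLE_DIR_CONF).items():
        wildcard, explicit = audit_console(d)
        print(f'{name}: wildcard ACLs: {", ".join(wildcard)}')
        for acl, values in sorted(explicit.items()):
            print(f'{name}: {acl} limited to {values}')
```

The report only lists what each console is granted; deciding whether a wildcard is acceptable for a given console remains a review decision.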