Please always copy the list.
On Wednesday 30 November 2005 21:07, Tomas Vasko wrote:
> > > I have a suggestion to item 9 -- it would be nice, if administrator of
> > > FD machine was able to specify the paths that only could be backed up
> > > i.e. to prohibit backing up of another than enumerated directories.
> >
> > This is already the case. The director specifies what directories are
> > going to be backed up. None of the projects will change that ...
>
> i was likely not clear enough, see bellow
>
> > > This probably could be another item also, forasmuch as it has sense to
> > > restrict director also in non encrypting scenario -- to allow
> > > semi-trusted director to backup FD's machine public data without need
> > > for chrooting and to not be worried about private directories being
> > > backed up/stolen.
> >
> > The FD already specifies what director can attach to it, so I don't
> > really understand what a semi-trusted director is. For me, the director
> > is either trusted -- i.e. authenticated or not. You will need to be more
> > specific in your suggestions -- perhaps discussing them on the
> > bacula-users list would help
>
> well, i mean a case when administrators of a computer running FD and of
> computer running Director and SD are two different people and probably in
> two different companies. The both agrees on regular backups of the
> /path/to/the/pub directory on FD's computer. In current baculas
> implementation is there nothing what the administrator of FD can do to
> prevent the administrator of Director to back up thw whole FD's computer
> including the private directories.
>
> I do fully understand that file lists are specified on Director, but i
> would like to have a possibility to enumerate directories on FD that
> could be accessed by fd process and thus backed up. All directories that
> are not subdirectories of these specified would fd process refuse to backup
> and would return a kind of EPERM error to the director.
>
> Is it now more clear?
Yes, thanks for clarifying it. I don't have any immediate plans to implement
this since the basic phylosophy of Bacula is that the Director should decide
on everything.
However, you may be interested in using data encryption that Landon is working
on. In this project, the FD can require encryption to be enabled, and hence
you can from your Client machine guarantee that no one else can read your
data. This isn't exactly what you asked for, but would still allow
protection of your private directories.
--
Best regards,
Kern
(">
/\
V_V
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
