Hello, Thanks for the feedback. I'll add these items to the documentation. As for the problems of details of "show" and "list", I'm not sure it is worth the effort to add finer grain ACL testing, however, I will note in my todo list and see if it is possible. In general for the moment, you will need to not enable those commands if you think they will cause a security violation.
If you find any other cases where users can get at information that does not belong to the, please let me know so that I can either fix it or document it ... See below for more comments: On Tuesday 27 February 2007 22:33, Zeratul wrote: > Hi > > Recently I tested the patch that fix the bug 767 (see bugs.bacula.org). The > patch works fine - the restricted console is not able anymore to cancel > running jobs that not belongs to it. > With this occasion I tested other commands and I found few things which, in > my opinion, should be mentioned, maybe for future references: > > - the shortcuts for commands (for example "st" or "sta" instead of > "status") can't be used in a restricted console, except the case when the > shortcuts are literally mentioned in the CommandACL. Yes, this is correct. Since shortcuts are not always "unique" you are required to add the exact shortcut that you wish the user to be able to use. > - the command "help" retuns the full commands list and, for a restricted > user, I'll look into filtering this ... > typing commands that returns "... is an invalid command" can be > frustrating because the user have no idea about the allowed commands Can you explain more in detail what you mean or what you would like it to do? It might be possible to convert more of those into "unauthorized command", but isn't it a lot of code for something rather minor? If it is occurring at the main command level, it is easy to fix, however, if it occurs in "subcommands", it could be very pervasive. > - the "show" command returns information related to other jobs than the > ones configured in the restricted console configuration file Yes, and it is hard to know how to filter it. However, I will take a look at it, in some cases, it may be obvious such as "show catalogs" could easily apply the CatalogACL ... > - the "query" command allows queries against job ids different than the > ones related to the restricted console. Based on this, I get the volume > names and job ids for other bacula clients and I tried to restore some > files. I'm not going to be able to do much about the query command or with the SQL command. Both take user input which cannot be easily parsed by Bacula -- i.e. I would need to add a full SQL command parser to make it work correctly. For the query command, a workaround is to give the user his own local copy. A better solution would be to add the Query Command directive to each of the restricted Console resources -- I think this probably should be a feature request, but it is something I would accept. > It's true I wasn't able to restore any files from other jobs, but I > was able to "browse" the files list. One mention here - this is true only > when the "restore" command is used and not when the "restore" tab is used > in wx-console. Can you explain why the restore command gives more information that the restore tab in wx-console? It sounds like wx-console has implemented something that should be included in the core code ... Regards, Kern ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
