Hello,

Thanks for the feedback.  I'll add these items to the documentation. 
As for the problems of details of "show" and "list", I'm not sure it is worth 
the effort to add finer grain ACL testing, however, I will note in my todo 
list and see if it is possible.  In general for the moment, you will need to 
not enable those commands if you think they will cause a security violation.

If you find any other cases where users can get at information that does not 
belong to the, please let me know so that I can either fix it or document 
it ...

See below for more comments:

On Tuesday 27 February 2007 22:33, Zeratul wrote:
> Hi
>
> Recently I tested the patch that fix the bug 767 (see bugs.bacula.org). The
> patch works fine -  the restricted console is not able anymore to cancel
> running jobs that not belongs to it.
> With this occasion I tested other commands and I found few things which, in
> my opinion, should be mentioned, maybe for future references:
>
> - the shortcuts for commands (for example "st" or "sta" instead of
> "status") can't be used in a restricted console, except the case when the
> shortcuts are literally mentioned in the CommandACL.

Yes, this is correct. Since shortcuts are not always "unique" you are required 
to add the exact shortcut that you wish the user to be able to use.

> - the command "help" retuns the full commands list and, for a restricted
> user, 

I'll look into filtering this ...

> typing commands that returns "... is an invalid command" can be 
> frustrating because the user have no idea about the allowed commands

Can you explain more in detail what you mean or what you would like it to do?
It might be possible to convert more of those into "unauthorized command", but 
isn't it a lot of code for something rather minor?  If it is occurring at the 
main command level, it is easy to fix, however, if it occurs 
in "subcommands", it could be very pervasive.

> - the "show" command returns information related to other jobs than the
> ones configured in the restricted console configuration file

Yes, and it is hard to know how to filter it.  However, I will take a look at 
it, in some cases, it may be obvious such as "show catalogs" could easily 
apply the CatalogACL ...

> - the "query" command allows queries against job ids different than the
> ones related to the restricted console. Based on this, I get the volume
> names and job ids for other bacula clients and I tried to restore some
> files. 

I'm not going to be able to do much about the query command or with the SQL 
command.  Both take user input which cannot be easily parsed by Bacula -- 
i.e. I would need to add a full SQL command parser to make it work correctly.

For the query command, a workaround is to give the user his own local copy.
A better solution would be to add the Query Command directive to each of the 
restricted Console resources -- I think this probably should be a feature 
request, but it is something I would accept.

> It's true I wasn't able to restore any files from other jobs, but I 
> was able to "browse" the files list. One mention here - this is true only
> when the "restore" command is used and not when the "restore" tab is used
> in wx-console.

Can you explain why the restore command gives more information that the 
restore tab in wx-console?  It sounds like wx-console has implemented 
something that should be included in the core code ...

Regards,

Kern

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to