On Wed, 4 Apr 2007, Ryan Novosielski wrote:

> If something won't start as a non-root user, you need to find out why.
> All that bacula-dir needs is to own the files that it needs to write
> to/have appropriate permissions to read the files it needs to read.

Correct

> This goes the same for the -sd, except you must include the /dev/nst, 
> /dev/rmt, or whatever your system feels like calling the tape drive.

Correct, as long as the user and/or group permissions of the tape drive 
are ok for that user (It's a common trap...)

The problem on (at least) Linux systems is when bacula-sd attempts to 
adjust any tape drive settings such as buffering or compression.

I am getting a constant stream of "Only root can do that" errors in my 
logs because of this. Solving this would be nice, but is not a high 
priority.

> The -fd arguably needs to run as root, but only if it is backing up 
> files that a regular user cannot read.

(Which is pretty much everything, unless it's working in tightly defined 
directory trees.)

Ryan is correct that running things as root is a security hazard. Time and 
again when I see this happening it's because the coder or admin comes from 
a Windows background where things _have_ to be root to work, thanks to the 
flawed security models in that environment.


It'd be nice to be able to lock things down even more tightly. I've even 
been tempted to set up chroot environments for bacula-fd and -dir.

AB
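
An added example, not part of the original message: a shell check of whether a non-root service account passes the classic owner/group/other test on a file or tape device node, which is the permission trap mentioned above. The account name `bacula`, the device path `/dev/nst0` and the numeric ids are assumptions; ACLs, capabilities and SELinux/AppArmor are not evaluated.

```shell
#!/bin/sh
# Added example. Classic Unix permission bits only.

# dac_allows UID "GID GID ..." FILE_UID FILE_GID OCTAL_MODE WANT
# WANT is any combination of r, w, x. Returns 0 when access is allowed.
dac_allows() {
    local uid="$1" gids="$2" fuid="$3" fgid="$4" mode="$5" want="$6"
    local perm need class g
    perm=$(( 0$mode & 0777 ))
    need=0
    case "$want" in *r*) need=$(( need | 4 ));; esac
    case "$want" in *w*) need=$(( need | 2 ));; esac
    case "$want" in *x*) need=$(( need | 1 ));; esac

    # uid 0 bypasses these bits for read/write; the point is to avoid needing it.
    if [ "$uid" = 0 ]; then return 0; fi

    # Exactly one class applies: owner beats group, group beats other.
    # An owner without owner bits is NOT rescued by group membership.
    class=$(( perm & 7 ))
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then class=$(( (perm >> 3) & 7 )); fi
    done
    if [ "$uid" = "$fuid" ]; then class=$(( (perm >> 6) & 7 )); fi

    [ $(( class & need )) -eq "$need" ]
}

# audit_path USER PATH WANT: read the real ids and mode (GNU stat), then report.
# Example call on a live system (assumed names): audit_path bacula /dev/nst0 rw
audit_path() {
    local user="$1" path="$2" want="$3" fuid fgid mode
    fuid=$(stat -c %u -- "$path") || return 2
    fgid=$(stat -c %g -- "$path") || return 2
    mode=$(stat -c %a -- "$path") || return 2
    if dac_allows "$(id -u "$user")" "$(id -G "$user")" "$fuid" "$fgid" "$mode" "$want"; then
        echo "ok    $user may $want $path"
    else
        echo "DENY  $user lacks $want on $path (uid=$fuid gid=$fgid mode=$mode)"
        return 1
    fi
}

# Constructed values: device owned by uid 0, gid 26, mode 660; account uid 133.
dac_allows 133 "133" 0 26 660 rw || echo "not in the device's group: denied"
dac_allows 133 "133 26" 0 26 660 rw && echo "group added: allowed"
```
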

