Hello,

our current understanding of the Bacula security model is that it is not possible to disable the anonymous aka default console. This leads to the fact that all users having root access to one of the clients have access to all data that was backed up by Bacula. In a network with hundreds of hosts, it is very likely that there are users with root access on one or the other machine. Mail server admins have to manage their systems, web server admins manage theirs. But simply installing bconsole and accessing the director with the anonymous console enables each of them to fully access the backup of all machines. This means that if a user has root access to one client, he has kind of full access to all backed up hosts.

Hopefully there is something that I misunderstood, as this makes all firewalls and ACL controls in a network useless if Bacula really opens up the gates in that way.

Thanks for enlightening me.

Cheers,
Heri
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users