В Wed, 30 Jan 2013 11:19:13 +0200 Teodor MICU <mteo...@gmail.com> пишет:
> 2013/1/29 Alexander Golovko <alexan...@ankalagon.ru>: > >> ARGS="-u bacula -g bacula -k" > >> > >> I think that from a security perspective this should be the default > >> on package installation. > > > > This will lead to impossibility to restore backups without > > restarting bacula-fd. This is also can require changing user scripts > > for dump databases and such. This can confuse peoples. > > I'm having this setup and I can restore backups just fine. Of course, > the restore directory must be rwx by bacula or mode 1777. You lose files owner/group and acl on restoring. > > About the other thing (ie. dump databases), I can't tell. > > > I think, we should not change defaults, however, this functionality > > described in README.Debian.gz (USERS & SECURITY). > > But you do for bacula-dir and bacula-sd, why not for bacula-fd? > > > bacula-fd init script correctly work without /e/d/bacula-fd. > > Right. I thought that it depends on setting ENABLED="yes" but I see > now that it checks for "no". > > > But there is a reason for set defaults in init scripts for > > bacula-director and bacula-sd and comment defaults in /e/d/bacula-* > > Can you detail a little? I don't understand what you're trying to say. /e/d/bacula-{dir,sd} has nonempty ARGS and bacula-{director,sd} will be incorrectly runned under root privileges if defaults file missed. This should be changed. Also, there is a reason, that we should provide defaults in /e/d/bacula-* as comments. I think, this is will not be included into wheezy, but it should be fixed in next versions. -- with best regards, Alexander Golovko email: alexan...@ankalagon.ru xmpp: alexan...@ankalagon.ru
signature.asc
Description: PGP signature