Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Blake Dunlap
I could see where this could come into play in compliance and multi-tenant situations. It wouldn't hurt to have access masks on the client side as far as allowed directories and/or functions like run commands, maybe even a way to set the client read-only without explicit client action like turni

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Davide Giunchi
On 06/09/2013 20:18, bacula-devel-requ...@lists.sourceforge.net wrote: > I hope bacula's designer will take care of that, because it IS an issue. I think that you missed one important thing about floss projects: if this is an important issue for you, you should develop this feature. Kern say

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread stefano scotti
2013/9/6, Kern Sibbald : > Hello, > > The only security issue is that a "user" should not have access > to the Bacula Director. Only qualified sys admins should have > such access. > > Best regards, > Kern > > That's not true. There are other security issues related to the fact that TCP bacula s

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Jason A. Kates
You really don't have to have bacula run as root on the clients. You can also do RSA authentication. On Fri, 2013-09-06 at 14:26 -0400, Josh Fisher wrote: > On 9/6/2013 10:31 AM, Steve Lee wrote: > > > > > > Hi > > > > My head of security just raised a concern about use of bacula and > > the

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Kern Sibbald
Bacula is designed with as much security in mind as I knew/know about. Perhaps you haven't yet had the time to read the manual, but aside from not letting a "user" get access to the Director, you can encrypt all the communications, you can also run the FD in backup only mode, and restart it in rea

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Josh Fisher
On 9/6/2013 10:31 AM, Steve Lee wrote: *Hi My head of security just raised a concern about use of bacula and the client-run-before-job feature which allows a user with access to the bacula-director server to run any command as root on any client to which the director is configured to connect

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Kern Sibbald
Hello, The only security issue is that a "user" should not have access to the Bacula Director. Only qualified sys admins should have such access. Best regards, Kern On 09/06/2013 04:31 PM, Steve Lee wrote: *Hi My head of security just raised a concern about use of bacula and the client-ru

Re: [Bacula-devel] Client run before security concern

2013-09-06 Thread Blake Dunlap
It's honestly no worse than "restoring" a given file anywhere with any content from the central point vs the client's request. -Blake On Fri, Sep 6, 2013 at 9:31 AM, Steve Lee wrote: > > *Hi > > My head of security just raised a concern about use of bacula and the > client-run-before-job fe

[Bacula-devel] Client run before security concern

2013-09-06 Thread Steve Lee
Hi My head of security just raised a concern about use of bacula and the client-run-before-job feature which allows a user with access to the bacula-director server to run any command as root on any client to which the director is configured to connect. Has anyone else come across this issue