Amanda-Users

Re: R: R: Access restriction in amrecover

2003-04-30 10:06:45
Subject: Re: R: R: Access restriction in amrecover
From: Jean-Louis Martineau <martinea AT IRO.UMontreal DOT CA>
To: Creator <creator AT mindcreations DOT com>
Date: Wed, 30 Apr 2003 09:58:03 -0400
On Tue, Apr 29, 2003 at 03:51:57PM +0200, Creator wrote:
> I'm sorry Jean-Louis but it is not clear to me how to implement your
> suggestion.

I didn't say that it's possible to do it now with amanda; you will have
to patch amanda if you want this feature.

> Please, can you provide a configuration example?

Add an entry 'restore_host' in a dumptype that lists the hosts that can restore
this DLE.

e.g. restore_host hosta.domain.com hostb.domain.com

You will have to patch amindexd and amidxtaped to use and enforce
the restore_host option; the default is that all hosts can restore a DLE.

I see one big problem with that: if a customer starts a recovery just before
your amdump starts, your amdump will not be able to use the drive, and all
dumps will go to holding disk.

Jean-Louis
> 
> > -----Original Message-----
> > From: Jean-Louis Martineau [mailto:martinea AT IRO.UMontreal DOT CA]
> > Sent: Thursday, 24 April 2003 20:21
> > To: Creator
> > Cc: amanda-users AT amanda DOT org
> > Subject: Re: R: Access restriction in amrecover
> > 
> > 
> > On Thu, Apr 24, 2003 at 08:59:38AM +0200, Creator wrote:
> > > I think it may be achieved using server-side authentication so no 
> > > matter which user you are running amrecover from the client.
> > > 
> > > Without proper authentication I'm forced to close the firewall port
> > > 80012 to deny access to the index daemon. It is the only way I have
> > > to limit customers from restoring other people's backups.
> > > 
> > > In this case I'm forced to do the restores for them wasting my time.
> > > 1) I have to extract their data somewhere
> > > 2) I have to give them access to it to let them browse their files
> > > Result: no handy selective restore procedure :(
> > > 
> > > In the way I've proposed (like: customer can access only his data) I
> > > can simply mount the tape on the tapechanger and let the customer do
> > > their restore comfortably using amrecover.
> > > 
> > > I'm going to have a bad shape if I cannot work around this limit.
> > 
> > It could be done easily, add a dumptype entry 'restore_host'
> > which lists the hostname (or ip) that can restore the DLE. The
> > amindexd and amidxtaped daemons will have to check the
> > connecting host with the host listed in restore_host for this DLE.
> > 
> > Jean-Louis
> > -- 
> > Jean-Louis Martineau             email: martineau AT IRO.UMontreal DOT CA 
> > Departement IRO, Universite de Montreal
> > C.P. 6128, Succ. CENTRE-VILLE    Tel: (514) 343-6111 ext. 3529
> > Montreal, Canada, H3C 3J7        Fax: (514) 343-5834
> > 
> 

-- 
Jean-Louis Martineau             email: martineau AT IRO.UMontreal DOT CA 
Departement IRO, Universite de Montreal
C.P. 6128, Succ. CENTRE-VILLE    Tel: (514) 343-6111 ext. 3529
Montreal, Canada, H3C 3J7        Fax: (514) 343-5834
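
Added example, not part of the original message and not Amanda code: a sketch of the check that the proposed restore_host option would require amindexd and amidxtaped to make before serving a DLE. The function name restore_allowed and its arguments are hypothetical; peer is assumed to be the host name the daemon has already resolved for the connecting address.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * restore_host: value of the proposed dumptype option, a whitespace-separated
 *               host list, or NULL/blank when the option is not set.
 * peer:         name of the connecting host (assumed already resolved by the
 *               daemon from the connection, never taken from client input).
 * Returns 1 if the peer may restore this DLE, 0 otherwise.
 */
int restore_allowed(const char *restore_host, const char *peer)
{
    const char *p = restore_host ? restore_host : "";
    size_t peer_len = peer ? strlen(peer) : 0;
    int seen = 0;                       /* did the option list any host? */

    while (*p) {
        while (*p && isspace((unsigned char)*p)) p++;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p)) p++;
        size_t len = (size_t)(p - start);
        if (len == 0) break;            /* only trailing whitespace left */
        seen = 1;
        /* Whole-token, case-insensitive match: a prefix or suffix of a
           listed name must not be accepted as that name. */
        if (peer && len == peer_len && strncasecmp(start, peer, len) == 0)
            return 1;
    }
    /* Option unset: keep the default from the message (all hosts allowed).
       Option set but no entry matched: deny. */
    return seen ? 0 : 1;
}

int main(void)
{
    /* Constructed sample values, taken from the option example above. */
    const char *opt = "hosta.domain.com hostb.domain.com";
    printf("hostb: %d\n", restore_allowed(opt, "hostb.domain.com"));
    printf("hostc: %d\n", restore_allowed(opt, "hostc.domain.com"));
    printf("unset: %d\n", restore_allowed(NULL, "hostc.domain.com"));
    return 0;
}
```
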
