On Wed, Apr 13, 2005 at 08:54:35PM +0300, Toomas Aas wrote:
> Mike wrote:
> 
> > Is there anything in amanda that would prevent a "unauthorized/unknown" 
> > person from backing up to, or restoring data to, their personal machine 
> > remotely.
> 
> There is a file on each Amanda client called .amandahosts. This file 
> lists the hosts and usernames from which amanda accepts connections.


I assume the problem is unauthorized recovery of not-my-data ?

...but if a random user has login access to the server and there are
default settings on the tape drive ?

You can code the crontab line that runs amdump to offline the tape
after amdump completes, then if the tape drive is in a protected
computer room you are all set. This has been documented in the
amanda-users list. Something like

        amdump config && mt -f /dev/tape offline

Might be a little trickier with a jukebox or something that can load
a tape. Perhaps changing protections on the drive to 770 for either
the amanda user or whatever group its in.

As far as access to generic data online, its whatever your normal
access and protections are.

---
   Brian R Cuttler                 brian.cuttler AT wadsworth DOT org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773