Amanda-Users

Re: Amanda Security

2005-04-14 04:22:56
Subject: Re: Amanda Security
From: Paul Bijnens <paul.bijnens AT xplanation DOT com>
To: Mike <miket AT silvercrk DOT com>
Date: Thu, 14 Apr 2005 10:03:35 +0200
Greg Troxel wrote:
> d) Can an unauthorized party ask the server to retrieve backups?
>
> I'm not the least bit comfortable with this; I don't run the recover
> or indexing daemons.

This part works also using bsd-security.  The .amandahosts file
works both ways.

The .amandahosts file on a client contains the host and username of
amandaserver.  It is usually only one line on most clients:
  server.nowhere.com   amanda

The .amandahosts file on the server contains usually the same line
(because the server is a client of itself too).  And in addition to
this, you can/need to add a line for each client that needs to
recover files.  That line usually needs to specify "root" as username,
because you usually want the permissions and owners of files on the
client to be correctly restored too.

Because many of my users do know the local root password, or have
sudo access on their workstation, I have most of those lines
commented out (*) in my .amandahosts file on the server.
The file looks like this:
  server.nowhere.com   amanda
  #client1.nowhere.com  root
  #client2.nowhere.com  root
  #client3.nowhere.com  root

When I need to restore on a client, I can uncomment the necessary line
for a few minutes/hours.

(*) real comments are actually not supported in the syntax of the file.
    The program assumes the hostname is '#client1.nowhere.com'
    which, if you control the DNS access on the server, does not
    match any existing hostname.


--
Paul Bijnens, Xplanation                            Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, F6, *
* quit,  ZZ, :q, :q!,  M-Z, ^X^C,  logoff, logout, close, bye,  /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* kill -9 1,  Alt-F4,  Ctrl-Alt-Del,  AltGr-NumLock,  Stop-A,  ...    *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************
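
The following is an added example, not part of the original message and not Amanda's own code: a Python audit of a server-side .amandahosts that treats '#' lines the way the message describes, as entries whose hostname begins with '#', and reports which clients can currently request a recovery. It assumes each entry is a whitespace-separated hostname and username; the function names and the sample file are constructed for illustration.

```python
# Constructed sample, modelled on the file shown in the message;
# client2 has been "uncommented" for a restore and not re-disabled.
SAMPLE = """\
server.nowhere.com   amanda
#client1.nowhere.com  root
client2.nowhere.com  root
#client3.nowhere.com  root
"""


def parse_amandahosts(text):
    """Return (lineno, host, user) for every non-blank line.

    '#' lines are NOT skipped: per the message the file has no comment
    syntax, so '#client1...' is an entry whose hostname starts with '#'.
    """
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if fields:
            user = fields[1] if len(fields) > 1 else ""
            entries.append((lineno, fields[0], user))
    return entries


def audit(text, server_host):
    """Return (lineno, host, user, finding) for each entry."""
    findings = []
    for lineno, host, user in parse_amandahosts(text):
        if host.startswith("#"):
            finding = "pseudo-comment: inactive only while this name matches no host"
        elif not user:
            finding = "malformed: missing username"
        elif host.lower() == server_host.lower():
            finding = "server entry"
        else:
            finding = "ACTIVE: %s on this client may request recovery" % user
        findings.append((lineno, host, user, finding))
    return findings


def active_recover_hosts(text, server_host):
    """Clients allowed to recover now; expected empty outside a restore window."""
    return [h for _, h, _, f in audit(text, server_host) if f.startswith("ACTIVE")]


if __name__ == "__main__":
    for row in audit(SAMPLE, "server.nowhere.com"):
        print("line %d: %-22s %-7s %s" % row)
```

Run periodically against the real file, a non-empty result from `active_recover_hosts` outside a planned restore indicates a line that was re-enabled and never disabled again.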


