To my mind this should be possible like this:
Console { Name = con-client-note Password = "clientpassword" ClientACL = client-note-fd JobACL = client-note StorageACL = storage-client-note PoolACL = pool-default, pool-client-note-full, pool-client-note-incr FileSetACL = client-note CatalogACL = MySQL CommandACL = status, run, .status, restore, list, help, .jobs, .clients, .filesets, .pools, .storage, .defaults, .backups }
If you want to use Bat, you have to also include .sql command, but as I understand it, this opens up a security hole in the server as a customized console could execute any SQL-command through that. Please correct me if I'm wrong.
On Thu, 17 Nov 2011 23:30:54 +0100, Alexandre Chapellon wrote:
I don't think this is even possible. Bacula is not designed for shared environements. Not possible... until someelse tells how to do it.
regards
Le 17/11/2011 17:25, vishal veerkar a écrit :
I have achieved the expected by adding "sqlquery" in CommandACL.
But still the bigger picture remains unknown to me. How i can restrict a client console to see only his own Job related information. Because currently i am able to below things:
1. Able to see the Jobs completed for other clients 2. Able to fire a restore job for other client and restore the files on local machine( Security breach) 3. Able to see the list of total jobs configured on the director (Backup+ Restore).
The requirement is to isolate every client from other and show him information only related his own.
Regards,
Vishal Veerkar
On Wed, Nov 16, 2011 at 7:19 PM, vishal veerkar <vishalveerkar AT gmail DOT com> wrote:
Just to add,
[root@test ~]# bconsole Connecting to Director bacula3:9101 1000 OK: bacula3-dir Version: 5.0.3 (04 August 2010) Enter a period to cancel a command. *restore Automatically selected Catalog: MyCatalog Using Catalog "MyCatalog"
First you select one or more JobIds that contain files to be restored. You will be presented several methods of specifying the JobIds. Then you will be allowed to select which files from those JobIds are to be restored.
To select the JobIds, you have the following choices: 1: List last 20 Jobs run 2: List Jobs where a given File is saved 3: Enter list of comma separated JobIds to select 4: Enter SQL list command 5: Select the most recent backup for a client 6: Select backup for a client before a specified time 7: Enter a list of files to restore 8: Enter a list of files to restore before a specified time 9: Find the JobIds of the most recent backup for a client 10: Find the JobIds for a backup for a client before a specified time 11: Enter a list of directories to restore for found JobIds 12: Select full restore to a specified Job date 13: Cancel Select item: (1-13): 1 SQL query not authorized.
Regards,
Vishal
On Wed, Nov 16, 2011 at 6:52 PM, vishal veerkar <vishalveerkar AT gmail DOT com> wrote:
Hi,
I am currently running a multi customer (shared) env. backup system. How i can restrict the client to only see the successful jobs for his own backup client on bconsole. Currently i have only given the "CommandACL = run, restore, messages, .messages". If i give "list" option the end user, he also gets access to all the other resources such as pools, volume etc. I would only like to have customer should only see his own jobs status.
Thanks in advance.
-- With regards,
Vishal Veerkar
horoa_sig.png
Description: PNG image
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|