Hello All,
I’ve set up a bacula server to do backups of some 10 systems. It’s a small-scale test setup to serve as a proof of concept and testing ground for a to-be-deployed larger setup (~300-400 systems).
I have those clients, in this case a server named “almond”, with it’s own Device ( a ZFS filesystem), it’s own Storage and Pool definitions etc. (Please note: I’m testing with making a configuration wherein each client has it’s own pool/storage/device in it’s own zfs filesystem. In the current config, almond is the only client for which this is configured like this. This shouldn’t change anything though) The config is below. This setup works very well, I can do parallel backups etc. and have great control over retention etc. The problem is that all clients that use that Director can do restore actions to themselves of data from any other client.
In short, the problem is:
1. I make a backup of system “almond”. This works well
2. On system “pine”, I start bconsole and connect to the Director
3. I select “restore”, “7 – enter a list of files to restore”.
4. It lists all defined clients. I select “almond”.
5. I select some files, say /etc/shadow and /etc/secret_file.
6. I select almond’s Job Resource
7. It says “Run restore job” and prints the current settings.
8. I use “mod” to change the restore_client to “pine”.
9. Type “yes” and it starts restoring almond’s /etc/shadow and /etc/secret_file to pine’s default restore directory. I can access almond’s secret files on my own system.
It works like this from all configured clients to all other configured clients.
This is clearly unwanted and counter-intuitive. I didn’t expect this default behavior and feel the manual should maybe reflect this. In this particular case all servers are mine, but in the larger setup we’ll have multiple departments, users, and companies server’s all being backupped to one Bacula server.
What’s worse, I can even create my own /etc/passwd and /etc/shadow on my own system “pine”,with my passwords for known accounts, make a backup of it, then use the above method to “restore” it to the almond server, thereby disallowing authorized users (as their accounts will be gone) and allowing myself access (as I have all users/passwords).
What I’d want is for each client, to only be able to see it’s own jobs, files, pools, volumes etc. and be able to only access those.
I have also tried the above with other configured clients, and the behavior is the same.
To solve things, I’ve tried setting ACL’s in the Console statement like this:
Console {
Name = Almond
Password = ""
ClientACL = Almond
StorageACL = Almond_Storage
PoolACL = Almond_Pool
}
But this doesn’t work. I thought this would limit the client as defined in Client { Name= Almond…..} to access only the listed storage and pools (which would be great, as almond has it’s own reserved pool), but it doesn’t do that. I think I may be interpreting the manual the wrong way. I’ve googled and found several other people asking the same question, but no working answers.
Any help would be greatly appreciated,
Many thanks in advance,
Reinder
## Config files below
The bacula-dir.conf file:
# Include client almond
@/opt/bacula/etc/client_almond.conf
Director { # define myself
Name = chestnut-dir
DIRport = 1901 # where we listen for UA connections
DIRAddress = chestnut-oam
QueryFile = "/opt/bacula/etc/query.sql"
WorkingDirectory = "/opt/bacula/var/working"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 20
Password = "very_long_password " # Console password
Messages = Daemon
}
JobDefs {
Name = "Weekly"
Type = Backup
Level = Incremental
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = BackupBacula
Messages = Standard
Pool = Pool1
Priority = 10
Write Bootstrap = "/opt/bacula/var/working/%c.bsr"
}
# Define the main nightly save backup job
Job {
Name = "Pine"
Client = "Pine"
JobDefs = "Weekly"
FileSet = "Motive"
}
# Other Jobs removed to make it more clear
# Backup the catalog database (after the nightly save)
Job {
Name = "BackupCatalog"
Client = "chestnut"
JobDefs = "Weekly"
Level = Full
FileSet="Catalog"
Schedule = "WeeklyCycleAfterBackup"
# This creates an ASCII copy of the catalog
# Arguments to make_catalog_backup.pl are:
# make_catalog_backup.pl <catalog-name>
RunBeforeJob = "/opt/bacula/etc/make_catalog_backup.pl Catalog"
# This deletes the copy of the catalog
RunAfterJob = "/opt/bacula/etc/delete_catalog_backup"
Write Bootstrap = "/opt/bacula/var/working/%n.bsr"
Priority = 11 # run after main backup
}
#
# Standard Restore template, to be changed by Console program
# Only one such job is needed for all Jobs/Clients/Storage ...
#
Job {
Name = "RestoreFiles"
Type = Restore
Client = chestnut
FileSet="Motive"
Storage = BackupBacula
Pool = Pool1
Messages = Standard
Where = /backup/bacula-restores
}
# List of files to be backed up
FileSet {
Name = "Full Set"
Include {
Options {
signature = MD5
}
File = /
File = /boot
File = /usr
File = /var
File = /opt
File = /home
}
Exclude {
File = /proc
File = /tmp
File = /.journal
File = /.fsck
}
}
FileSet {
Name = "Custom"
Include {
Options {
signature = MD5
}
File = /
File = /boot
File = /home
File = /rpool
File = /opt/app1
File = /opt/app2
File = /opt/app3
}
Exclude {
File = /proc
File = /tmp
File = /.journal
File = /.fsck
File = /var/run
File = /dev/fd
File = /etc/svc/volatile
File = /system/object
File = /system/contract
File = /devices
File = /global/.devices
}
}
Schedule {
Name = "WeeklyCycle"
Run = Full sun at 01:00
Run = Incremental mon-sat at 01:00
}
Schedule {
Name = "MonthlyCycle"
Run = Full 1st sun at 01:00
Run = Differential 2nd-5th sun at 01:00
Run = Incremental mon-sat at 01:00
}
# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
Name = "WeeklyCycleAfterBackup"
Run = Full sun-sat at 23:10
}
# This is the backup of the catalog
FileSet {
Name = "Catalog"
Include {
Options {
signature = MD5
}
File = "/opt/bacula/var/working/bacula.sql"
}
}
# Client (File Services) to backup
Client {
Name = Pine
Address = 10.x.y.z
FDPort = 1902
Catalog = Catalog
Password = "very_long_complex_string" # password for FileDaemon
File Retention = 30 days # 30 days
Job Retention = 180 days # six months
AutoPrune = yes # Prune expired Jobs/Files
}
# Other clients removed to make things more clear
# Definition of file storage device
Storage {
Name = BackupBacula
# Do not use "localhost" here
Address = chestnut
SDPort = 1903
Password = "very long string"
Device = FileStorage
Media Type = File
}
Catalog {
Name = Catalog
dbname = "bacula"; dbuser = "bacula"; dbpassword = ""
}
Messages {
Name = Standard
#
mailcommand = "/opt/bacula/sbin/bsmtp -h mailhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "/opt/bacula/sbin/bsmtp -h mailhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r"
mail = root@chestnut = all, !skipped
operator = root@chestnut = mount
console = all, !skipped, !saved
append = "/opt/bacula/var/log" = all, !skipped
catalog = all
}
#
# Message delivery for daemon messages (no job).
Messages {
Name = Daemon
mailcommand = "/opt/bacula/sbin/bsmtp -h mailhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r"
mail = root@chestnut = all, !skipped
console = all, !skipped, !saved
append = "/opt/bacula/var/log" = all, !skipped
}
# File Pool definition
Pool {
Name = Pool1
Pool Type = Backup
UseVolumeOnce = no
Recycle = yes # Bacula can automatically recycle Volumes
AutoPrune = yes # Prune expired volumes
Volume Retention = 180 days # one year
Maximum Volume Bytes = 25G # Limit Volume size to something reasonable
Maximum Volumes = 400 # Limit number of Volumes in Pool
Volume Use Duration = 23h
LabelFormat = "volume"
}
# Scratch pool definition
#Pool {
# Name = Scratch
# Pool Type = Backup
#}
#
# Restricted console used by tray-monitor to get the status of the director
#
Console {
Name = chestnut-mon
Password = "long string"
CommandACL = status, .status
}
##########################################
This below is a separate file for the client “almond”.
It’s included in the bacula-dir.conf using “@filename”
# Include file for client Almond
Job {
Name = "Almond"
Client = "Almond"
JobDefs = "Almond"
FileSet = "Motive"
}
Job {
Name = "Almond_Restore"
Type = Restore
Client = chestnut
FileSet="Motive"
Storage = Almond_Storage
Pool = Almond_Pool
Messages = Standard
Where = /backup/bacula-restores
}
Client {
Name = Almond
Address = 10.x.y.z
FDPort = 1902
Catalog = Catalog
Password = "very_long_complex_string"
File Retention = 30 days # 30 days
Job Retention = 180 days # six months
AutoPrune = yes # Prune expired Jobs/Files
}
Console {
Name = Almond
Password = ""
ClientACL = Almond
StorageACL = Almond_Storage
PoolACL = Almond_Pool
}
JobDefs {
Name = "Almond"
Type = Backup
Level = Incremental
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = Almond_Storage
Messages = Standard
Pool = Almond_Pool
Priority = 10
Write Bootstrap = "/opt/bacula/var/working/%c.bsr"
}
Pool {
Name = Almond_Pool
Pool Type = Backup
UseVolumeOnce = no
Recycle = yes
AutoPrune = yes
Volume Retention = 180 days
Maximum Volume Bytes = 25G
Maximum Volumes = 10
Volume Use Duration = 23h
LabelFormat = "almond_volume"
Action On Purge = Truncate
}
Storage {
Name = Almond_Storage
Address = chestnut
SDPort = 1903
Password = "long string"
Device = Almond_Device
Media Type = File
}
And the device in the bacula-sd.conf:
Device {
Name = Almond_Device
Media Type = File
Archive Device = /rpool/pool_almond
LabelMedia = Yes;
Random Access = Yes;
AutomaticMount = Yes;
RemovableMedia = No;
AlwaysOpen = No;
}