Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Restricting who can restore data from which system to where

2012-10-22 04:23:43
Subject: Re: [Bacula-users] Restricting who can restore data from which system to where
From: <r.schuitemaker AT kpn DOT com>
To: <bacula-users AT lists.sourceforge DOT net>
Date: Mon, 22 Oct 2012 10:20:19 +0200 
 
>> To solve things,  I've tried setting ACL's in the Console statement like 
>> this:
>> 
>> Console {
>>   Name = Almond
>>   Password = ""
>>   ClientACL = Almond
>>   StorageACL = Almond_Storage
>>   PoolACL = Almond_Pool
>> }
>> 
>> But this doesn't work. I thought this would limit the client as 
>> defined in Client { Name= Almond.....}  to access only the listed 
>> storage and pools (which would be great, as almond has it's own 
>> reserved pool), but it doesn't do that. I think I may be interpreting 
>> the manual the wrong way. I've googled and found several other people 
>> asking the same question, but no working answers.

>The Console statement in bacula-dir.conf isn't designed to match a named 
>Client statement.  You need to put a special bconsole.conf on the client, so 
>that it uses the Console directive in the bacula-dir.conf.

>See the restricted-user examples here:

>http://www.bacula.org/5.2.x-manuals/en/main/main/Console_Configuration.html

>__Martin

Martin, 

Thanks for your answer, but that doesn't fully solve my issue. The root user on 
client A can modify his own bconsole.conf, so any security that depends on 
bconsole.conf isn't security. I only want to trust those clients like a bank 
trusts it's safety deposit box holders: I trust client A with the files from 
Client A and with Client A's password, but I don't trust Client A with Client 
B's files, just like the bank will trust Client A with the key to his box, but 
not with the key to Mr. B's box.  I'd like the security to be thus that only 
client A can access client A's files, and nothing more. I don't see how I can 
accomplish that by using only a bconsole.conf on the client side. Is there any 
other way that you know of?

Thanks in advance, 

Reinder.


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Bacula query, krishna pawankar
Next by Date:  [Bacula-users] Differential backup with old timestamps, "Jürgen Ecker"
Previous by Thread:  Re: [Bacula-users] Restricting who can restore data from which system to where, Geert Stappers
Next by Thread:  Re: [Bacula-users] Restricting who can restore data from which system to where, Martin Simmons
Indexes:  [Date] [Thread] [Top] [All Lists]