>> To solve things, I've tried setting ACL's in the Console statement like
>> this:
>>
>> Console {
>> Name = Almond
>> Password = ""
>> ClientACL = Almond
>> StorageACL = Almond_Storage
>> PoolACL = Almond_Pool
>> }
>>
>> But this doesn't work. I thought this would limit the client as
>> defined in Client { Name= Almond.....} to access only the listed
>> storage and pools (which would be great, as almond has it's own
>> reserved pool), but it doesn't do that. I think I may be interpreting
>> the manual the wrong way. I've googled and found several other people
>> asking the same question, but no working answers.
>The Console statement in bacula-dir.conf isn't designed to match a named
>Client statement. You need to put a special bconsole.conf on the client, so
>that it uses the Console directive in the bacula-dir.conf.
>See the restricted-user examples here:
>http://www.bacula.org/5.2.x-manuals/en/main/main/Console_Configuration.html
>__Martin
Martin,
Thanks for your answer, but that doesn't fully solve my issue. The root user on
client A can modify his own bconsole.conf, so any security that depends on
bconsole.conf isn't security. I only want to trust those clients like a bank
trusts it's safety deposit box holders: I trust client A with the files from
Client A and with Client A's password, but I don't trust Client A with Client
B's files, just like the bank will trust Client A with the key to his box, but
not with the key to Mr. B's box. I'd like the security to be thus that only
client A can access client A's files, and nothing more. I don't see how I can
accomplish that by using only a bconsole.conf on the client side. Is there any
other way that you know of?
Thanks in advance,
Reinder.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|