On Tue, Apr 29, 2003 at 03:51:57PM +0200, Creator wrote:
> I'm sorry Jean-Louis but it is not clear to me how to implement your
> suggestion.
I didn't say that it's possible to do it now with amanda, you will have
to patch amanda if you want this feature.
> Please, can you provide a configuration example?
Add an entry 'restore_host' in a dumptype that list the host that can restore
this DLE.
eg. restore_host hosta.domain.com hostb.domain.com
You will have to patch amindexd and amidxtaped to use and enforce
the restore_host option, the default is that all host can restore a DLE.
I see one big problem with that, if a customer start a recovery just before
your amdump start, your amdump will not be able to use the drive, all
dump will go to holding disk.
Jean-Louis
>
> > -----Messaggio originale-----
> > Da: Jean-Louis Martineau [mailto:martinea AT IRO.UMontreal DOT CA]
> > Inviato: giovedì 24 aprile 2003 20.21
> > A: Creator
> > Cc: amanda-users AT amanda DOT org
> > Oggetto: Re: R: Access restriction in amrecover
> >
> >
> > On Thu, Apr 24, 2003 at 08:59:38AM +0200, Creator wrote:
> > > I think it may be achieved using server-side authentication so no
> > > matter which user you are running amrecover from the client.
> > >
> > > Without proper authentication I'm forced to close the firewall port
> > > 80012 to deny access to the index daemon. It is the only
> > way I have to
> > > limit customers from restoring other people backups.
> > >
> > > In this case I'm forced to do the restores for them wasting my time.
> > > 1) I have to extract their data somewhere
> > > 2) I have to give them access to it to let them browse their files
> > > Result: no handy selective restore procedure :(
> > >
> > > In the way I've proposed (like: customer can access only
> > his data) I
> > > can simply mount the tape on the tapechanger and let the
> > customer do
> > > their restore comfortably using amrecover.
> > >
> > > I'm going to have a bad shape if I cannot work around this limit.
> >
> > It could be done easily, add a dumptype entry 'restore_host'
> > which list the hostname (or ip) that can restore the DLE. The
> > amindexd an amidxtaped daemon will have to check the
> > connecting host with the host listed in restore_host for this DLE.
> >
> > Jean-Louis
> > --
> > Jean-Louis Martineau email: martineau AT IRO.UMontreal DOT CA
> > Departement IRO, Universite de Montreal
> > C.P. 6128, Succ. CENTRE-VILLE Tel: (514) 343-6111 ext. 3529
> > Montreal, Canada, H3C 3J7 Fax: (514) 343-5834
> >
>
--
Jean-Louis Martineau email: martineau AT IRO.UMontreal DOT CA
Departement IRO, Universite de Montreal
C.P. 6128, Succ. CENTRE-VILLE Tel: (514) 343-6111 ext. 3529
Montreal, Canada, H3C 3J7 Fax: (514) 343-5834
|