On 2007-11-02 14:45, Philipp Geschke wrote:

I want to set up amanda in an unsecure multiuser environment.
I want every user (maschine) to have access to their own backup only.
But what happens right now is, as soon as a host is authenticated, it
needs only to know the configurations name and the name of the host he
wants the backup from, and it can access what ever it wants using the
sethost command in amrecover (eg. amrecover -C test  >> sethost
test.testdomain.local).

So, basically my question comes down to this:
Does amanda support something like an acl to limit one host to one
backup instead of opening all backups to any host that is allowed to
connect to the index and tapeserver?

What I would do is to edit the .amandahost on the server
and do not allow any host to restore anything.  And when someone needs
to restore something, then temporarily add an entry for that host.
And tell the user that you will monitor his restore actions (you
can find those in the amanda-debug dir on the server).
When finished, disallow access again, by editing the .amandahosts
file on the server.

Not perfect, but you wouldn't expect to automate security in a
non-secure environment, do you?


--
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************