Olivier Nicole schrieb:
The problem is that amandapass must be mode 600 and belong to
amanda:amanda. If the web server does not run as amanda:amanda it
needs some mechanism (home made?) to allow to edit the file. That
mechanism could introduce other security threat.
Write the entries to amandapass~ and before your cronjob starts amdump,
cp amandapass~ amandapass
OK that is not full security, but then amanda server is not
> physically secured either, ...
Here the backup server is secured special, because it can collect all data of
all server, so it's one of the most important server to secure.
> any local user can access the machine and could steal the hard disk.
> Or steal one of the disk holding the virtual tapes.
Aren't the doors locked? Or the servers secured in a different way?
Regards
Marc
--
Marc Muehlfeld (Leitung IT)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
|