Hello,
I'm trying to configure a "secure" bwx-console.conf file. Files in my
Server and Client are configured as you can see here:
SERVER:
bacula-dir.conf:
Director {
Name = server_name
DIRport = 9101
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/lib/bacula"
PidDirectory = "/var/run/bacula"
Maximum Concurrent Jobs = 3
Password = "password"
Messages = Daemon
DirAddress = IP_Address # :)
}
Console {
Name = usuarios
Password = "abcde"
JobACL = Backup-clientA, RestoreFiles
ScheduleACL = *all*
ClientACL = clientA-fd
FileSetACL = Usuario-Windows
CatalogACL = Catalogo-USUARIOS
CommandACL =
setdebug,cancel,disable,estimate,help,messages,restore,run,status,exit,.backups,.clients,.defaults,.exit,.filesets,.help,.jobs,.messages,.pools,.quit,.status,.storage
StorageACL = *all*
PoolACL = Incr_USUARIOS
}
CLIENT:
bwx-console.conf:
Director {
Name = server_name
DIRport = 9101
address = IP_Address
Password = "xxxxx" # an incorrect password!!
}
Console {
Name = usuarios
Password = "abcde" # the same password there is in the
bacula-dir.conf
}
bacula-fd.conf:
FileDaemon {
Name = clientA-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = "C:\\Documents and Settings\\All Users\\Datos de
programa\\Bacula\\Work"
Pid Directory = "C:\\Documents and Settings\\All Users\\Datos de
programa\\Bacula\\Work"
Maximum Concurrent Jobs = 1
}
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = server_name
Password = "password"
Address = IP_Address
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = clientA-mon
Password = "password"
Monitor = yes
}
Messages {
Name = Standard
director = server_name = all, !skipped, !restored
}
With this configuration, users can do only command listed in
"CommandACL" (it is OK!!), but if a user modify his files and removes
Console in bwx-console and changes password value (he can see in
bacula-fd.conf that password is "password"), he obtain a full console...
If I changes passowd value in "bacula-fd.conf" by a wrong value, client
can't connect, even console values in bwx-console.conf...
How can I configure server and client for avoid user manipulation and
avoid a "normal" user to get a full console??
Thanks..
P.D.: bufff, my english is poooooooor...
|
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|