Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Restricting who can restore data from which system to where

2012-10-19 14:10:48
Subject: Re: [Bacula-users] Restricting who can restore data from which system to where
From: Tom Berchenbriter <tom AT vidadiagnostics DOT com>
To: r.schuitemaker AT kpn DOT com
Date: Fri, 19 Oct 2012 12:37:41 -0500

You may be able to do this with puppet

On Oct 18, 2012 2:24 AM, <r.schuitemaker AT kpn DOT com> wrote:

All our clients have a bconsole.conf like that, each with their own password. I can remove those bconsole.conf files from the clients, but then my clients wouldn’t be able to do restores of their own files either. What I’m specifically looking for is a way to configure things such that client X can only access files/jobs for/from client X, but not those of client Y.

 

Oh, because I forgot in my original mail, I’m running Bacula 5.2.6 on Solaris 10 Sparc (147440-21).

 

 

 

R.Schuitemaker

NETCO End2End Voice Services IMS

(070-45) 11578

 

 

 

>From: "r.schuitemaker AT kpn DOT com" <r.schuitemaker AT kpn DOT com>
>To: bacula-users AT lists.sourceforge DOT net
>Sent: Wednesday, October 17, 2012 8:24 AM
>Subject: [Bacula-users] Restricting who can restore data from which system to where

> 

>Hello All,

> 

> 

>I’ve set up a bacula server to do backups of some 10 systems. It’s a small-scale test setup to serve as a proof of concept and testing ground for >a to-be-deployed larger setup (~300-400 systems).

>I have those clients, in this case a server named “almond”, with  it’s own Device ( a ZFS filesystem), it’s own Storage and Pool definitions >etc. (Please note: I’m testing with making a configuration wherein each client has it’s own pool/storage/device in it’s own zfs filesystem. In the >current config, almond is the only client for which this is  configured like this. This shouldn’t change anything though) The config is below.  >This setup works very well, I can do parallel backups etc. and have great control over retention etc. The problem is that all clients that use that >Director can do restore actions to themselves of data from any other client.

 

I'm not sure how yours is set up, but on mine I had to go out of my way to make it possible for clients to do any restores.

 

On the client, I had to create a bconsole.conf, such as:

 

Director {
  Name = bacula-dir
  DIRport = 9101
  address = bacula-server
  Password = "someBigUglyPasswordWitchMatchesTheOneOnTheBaculaServer"
}

If that file wasn't present, the client couldn't access the backups.


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Is tape filling up too early?, Sergio Belkin
Next by Date:  Re: [Bacula-users] Is tape filling up too early?, Diego Rubert
Previous by Thread:  Re: [Bacula-users] Restricting who can restore data from which system to where, r.schuitemaker
Next by Thread:  Re: [Bacula-users] Restricting who can restore data from which system to where, Martin Simmons
Indexes:  [Date] [Thread] [Top] [All Lists]