Zitat von r.schuitemaker AT kpn DOT com:
>>> To solve things, I've tried setting ACL's in the Console
>>> statement like this:
>>>
>>> Console {
>>> Name = Almond
>>> Password = ""
>>> ClientACL = Almond
>>> StorageACL = Almond_Storage
>>> PoolACL = Almond_Pool
>>> }
>>>
>>> But this doesn't work. I thought this would limit the client as
>>> defined in Client { Name= Almond.....} to access only the listed
>>> storage and pools (which would be great, as almond has it's own
>>> reserved pool), but it doesn't do that. I think I may be interpreting
>>> the manual the wrong way. I've googled and found several other people
>>> asking the same question, but no working answers.
>
>> The Console statement in bacula-dir.conf isn't designed to match a
>> named Client statement. You need to put a special bconsole.conf on
>> the client, so that it uses the Console directive in the
>> bacula-dir.conf.
>
>> See the restricted-user examples here:
>
>> http://www.bacula.org/5.2.x-manuals/en/main/main/Console_Configuration.html
>
>> __Martin
>
> Martin,
>
> Thanks for your answer, but that doesn't fully solve my issue. The
> root user on client A can modify his own bconsole.conf, so any
> security that depends on bconsole.conf isn't security. I only want
> to trust those clients like a bank trusts it's safety deposit box
> holders: I trust client A with the files from Client A and with
> Client A's password, but I don't trust Client A with Client B's
> files, just like the bank will trust Client A with the key to his
> box, but not with the key to Mr. B's box. I'd like the security to
> be thus that only client A can access client A's files, and nothing
> more. I don't see how I can accomplish that by using only a
> bconsole.conf on the client side. Is there any other way that you
> know of?
You might have a look at data encryption. With one certificate/key
pair per machine only the matching key owner will be able to restore
files.
Regards
Andreas
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|