To my mind this should be possible like this:
Console {
Name =
con-client-note
Password = "clientpassword"
ClientACL =
client-note-fd
JobACL = client-note
StorageACL = storage-client-note
PoolACL = pool-default, pool-client-note-full, pool-client-note-incr
FileSetACL = client-note
CatalogACL = MySQL
CommandACL = status, run,
.status, restore, list, help, .jobs, .clients, .filesets, .pools,
.storage, .defaults, .backups
}
If you want to use Bat, you have to
also include .sql command, but as I understand it, this opens up a
security hole in the server as a customized console could execute any
SQL-command through that. Please correct me if I'm wrong.
---
Silver
On Thu, 17 Nov 2011 23:30:54 +0100, Alexandre Chapellon
wrote:
> I don't think this is even possible. Bacula is not designed
for shared environements.
> Not possible... until someelse tells how to
do it.
>
> regards
>
> Le 17/11/2011 17:25, vishal veerkar a écrit :
>
>> I have achieved the expected by adding "sqlquery" in
CommandACL.
>>
>> But still the bigger picture remains unknown to me.
How i can restrict a client console to see only his own Job related
information. Because currently i am able to below things:
>>
>> 1. Able
to see the Jobs completed for other clients
>> 2. Able to fire a restore
job for other client and restore the files on local machine( Security
breach)
>> 3. Able to see the list of total jobs configured on the
director (Backup+ Restore).
>>
>> The requirement is to isolate every
client from other and show him information only related his own.
>>
>>
Regards,
>>
>> Vishal Veerkar
>>
>> On Wed, Nov 16, 2011 at 7:19 PM,
vishal veerkar wrote:
>>
>>> Just to add,
>>>
>>> [root@test ~]#
bconsole
>>> Connecting to Director bacula3:9101
>>> 1000 OK:
bacula3-dir Version: 5.0.3 (04 August 2010)
>>> Enter a period to cancel
a command.
>>> *restore
>>> Automatically selected Catalog:
MyCatalog
>>> Using Catalog "MyCatalog"
>>>
>>> First you select one or
more JobIds that contain files
>>> to be restored. You will be presented
several methods
>>> of specifying the JobIds. Then you will be allowed
to
>>> select which files from those JobIds are to be restored.
>>>
>>>
To select the JobIds, you have the following choices:
>>> 1: List last
20 Jobs run
>>> 2: List Jobs where a given File is saved
>>> 3: Enter
list of comma separated JobIds to select
>>> 4: Enter SQL list
command
>>> 5: Select the most recent backup for a client
>>> 6: Select
backup for a client before a specified time
>>> 7: Enter a list of files
to restore
>>> 8: Enter a list of files to restore before a specified
time
>>> 9: Find the JobIds of the most recent backup for a client
>>>
10: Find the JobIds for a backup for a client before a specified
time
>>> 11: Enter a list of directories to restore for found JobIds
>>>
12: Select full restore to a specified Job date
>>> 13: Cancel
>>>
Select item: (1-13): 1
>>> SQL QUERY NOT AUTHORIZED.
>>>
>>>
Regards,
>>>
>>> Vishal
>>>
>>> On Wed, Nov 16, 2011 at 6:52 PM,
vishal veerkar wrote:
>>>
>>>> Hi,
>>>>
>>>> I am currently running a
multi customer (shared) env. backup system. How i can restrict the
client to only see the successful jobs for his own backup client on
bconsole. Currently i have only given the "CommandACL = run, restore,
messages, .messages". If i give "list" option the end user, he also gets
access to all the other resources such as pools, volume etc. I would
only like to have customer should only see his own jobs status.
>>>>
>>>> Thanks in advance.
>>>>
>>>> --
>>>> With regards,
>>>>
>>>>
Vishal Veerkar
Links:
------
[1] mailto:[email protected]
[2]
mailto:[email protected]
<<attachment: horoa_sig.png>>
------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
_______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
