Op 20121019 om 18:13 schreef Martin Simmons:
> >>>>> On Wed, 17 Oct 2012 17:24:06 +0200,   said:
> > 
> > To solve things,  I've tried setting ACL's in the Console statement like 
> > this:
> > 
> > Console {
> >   Name = Almond
> >   Password = ""
> >   ClientACL = Almond
> >   StorageACL = Almond_Storage
> >   PoolACL = Almond_Pool
> > }
> > 
> > But this doesn't work. I thought this would limit the client as defined in
> > Client { Name= Almond.....}  to access only the listed storage and pools
> > (which would be great, as almond has it's own reserved pool), but it doesn't
> > do that. I think I may be interpreting the manual the wrong way. I've
> > googled and found several other people asking the same question, but no
> > working answers.
> The Console statement in bacula-dir.conf isn't designed to match a named
> Client statement.  You need to put a special bconsole.conf on the client, so
> that it uses the Console directive in the bacula-dir.conf.
> See the restricted-user examples here:
> http://www.bacula.org/5.2.x-manuals/en/main/main/Console_Configuration.html
> __Martin

To cover the
> > I can even create my own /etc/passwd and /etc/shadow on my own system
> > “pine”,with my passwords for known accounts, make a backup of it,
> > then use the above method to “restore” it to the almond server,
> > thereby disallowing authorized users (as their accounts will be gone)
> > and allowing myself access (as I have all users/passwords).

I want to add
to this thread, where
| Read-only File Daemon using capabilities
| This feature implements support of keeping ReadAll capabilities
| after UID/GID switch, this allows FD to keep root read but drop write
| permission.
| It introduces new bacula-fd option (-k) specifying that ReadAll
| capabilities should be kept after UID/GID switch.
|   root@localhost:~# bacula-fd -k -u nobody -g nobody
| The code for this feature was contributed by our friends at AltLinux.
is said.

Geert Stappers
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
Bacula-users mailing list

Reply via email to