tl;dr: RTFM Bacula Enterprise has full restricted-user controls, if desired.
ie: User X can only access a subset of backups, user Y can only access a different subset. That's also there in community version 7.2 - see section 20.4 of the main reference manual. HOWEVER: In a network with "hundreds of hosts", you really should be taking enterprise support and not trying to cut corners by using the community version. On 18/12/15 13:36, H. Steuer wrote: > Hello, > > our current understanding of the bacula security model is, that it is > not possible to disable the anonymous aka default console. > This leads to the fact that all users having root access to one of the > clients does have access to all data that was backed up > by bacula. > In a network with hundrets of hosts, it is very likely that there are > users with root access on one or the other machine. Mail > server admins have to manage their systems, web server admins manage > theirs. But simply installing bconsole and > accessing the director with the anonymous console enables each of them > to fully access the backup of all machines. This > means that if a user has root access to one client, he has kind of > full access to all backed up hosts. > > Hopefully there is something that I misunderstood. As this makes all > firewalls and ACL controls in a network useless if > Bacula really opens up the gates in that way. > > Thanks for enlightening me. > > Cheers, > Heri > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users
------------------------------------------------------------------------------
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
