----- Original Message ----- > From: "Peter Keller" <pkel...@sift.net> > To: "Heitor Faria" <hei...@bacula.com.br> > Cc: "Bacula Users List" <bacula-users@lists.sourceforge.net> > Sent: Wednesday, February 24, 2016 9:39:13 PM > Subject: Re: [Bacula-users] restricted consoles and uids
> Hello, > > On 02/24/2016 05:50 PM, Heitor Faria wrote: >> *Minor correction: >> >> cat /usr/sbin/baculejo >> =========================>8 Cut Here >8=========================== >> DIR_NAME=hfaria-K46CB-dir >> DIR_ADDRESS=localhost >> >> echo " Director { >> Name = $DIR_NAME >> DIRport = 9101 >> Address = $DIR_ADDRESS >> Password = "xxxx" >> } >> >> Console { >> Name = $USER >> Password = "password" >> }" > /tmp/baculejo.conf >> >> bconsole -c /tmp/baculejo.conf > > I see why this works, but it tells me there is no way in bacula > to perform the configuration in question without resorting to > either a wrapper script, some other out of band solution, or > implementing code in bacula. Also, all users would have the > same Password, and there would be nothing stopping them from > just writing a baculejo.conf for root and escalating > themselves into administrative privileges in bacula's console. Hello, Peter. You are right in all your affirmatives. 'root' was just one example, but I though you would use less generic users for this solution. I think you can improve the security issues of this script, e.g., replacing the $USER for CONUSER=$(id -u -n) making harder for user spoofing. If you have all workstation secure authenticated in your directory service (assuming you have one) I think you can improve the security even more. Besides that I think UI with directory service integration would be Bacula Enterprise Bweb or any Apache one (Webacula, baculum etc.). Where you see 'band solutions' I see lot's of possibilities. Perhaps not the free plug'n'play one you were expecting. =) > Thank you. > > -pete Regards, -- =========================================================================== Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified Administrator II Do you need Bacula training? http://bacula.us/video-classes/ +55 61 8268-4220 Site: http://bacula.us FB: heitor.faria =========================================================================== ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users