[Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread H. Steuer
Hello Bill, you are right, but there is a serious side effect. Here's a statement from the Bacula docs: The first console type is an anonymous or default console, which has full privileges. There is no console resource necessary for this type since the password is specified in

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Phil Stracchino
On 12/18/15 11:34, H. Steuer wrote:
> Hello Bill,
>
> you are right, but there is a serious side effect. Here's a statement from the Bacula docs:
>
> The first console type is an anonymous or default console, which has full privileges. There is no console resource necessary f

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Kern Sibbald
Hello, If you have hundreds of users with root access and they can access the Bacula Director machine as root, you have a far bigger security problem than just Bacula, since they can do anything to your machines and the Bacula Director machine, and there is

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Phil Stracchino
On 12/18/15 11:56, Kern Sibbald wrote:
> Hello,
>
> If you have hundreds of users with root access and they can access the Bacula Director machine as root, you have a far bigger security problem than just Bacula, since they can do anything to your machines and the Bacula Director machine, an

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread H. Steuer
Hello Kern, thanks for your comment. Probably I did not understand the security model of Bacula so far. Furthermore, you misread my post. The point is not anybody having root access to the Bacula server - that's absolutely not the case. And there are just very few users with root access on servers.

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread H. Steuer
On 18.12.2015 18:01, Phil Stracchino wrote:
> On 12/18/15 11:56, Kern Sibbald wrote:
>> Hello,
>>
>> If you have hundreds of users with root access and they can access the Bacula Director machine as root, you have a far bigger security problem than just Bacula, since they can do anything to y

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Alan Brown
On 18/12/15 18:01, H. Steuer wrote:
> In fact the whole discussion breaks down to a very simple question:
>
> Is the director password that's stored in the file daemon configuration on a client machine the same password that gains me administrative access to the director using bconsole.

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Kern Sibbald
On 12/18/2015 06:46 PM, H. Steuer wrote: Hello Kern, thanks for your comment. Probably I did not understand the security model of Bacula so far. Furthermore, you misread my post. The point is not anybody having root access to

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Heitor Faria
> On 12/18/2015 06:46 PM, H. Steuer wrote:
>> Hello Kern,
>> thanks for your comment. Probably I did not understand the security model of Bacula so far. Furthermore, you misread my post. The point is not anybody having root access to the Bacula server - that's absolutely not the case.

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-18 Thread Ana Emília M . Arruda
Hello Heri, Maybe the misunderstanding here is because in bacula-fd.conf the client's password used for communicating with director is in a director resource. All the daemons (clients and storage daemons) have their own passwords for communicating with director, not for communicating with bconsol

Re: [Bacula-users] Fwd: Re: Bacula massive security impact on network

2015-12-21 Thread Silver Salonen
Maybe this confusion could have been avoided if there wouldn't be "anonymous" written in the manual - because it indeed is not "anonymous" as such :) -- Silver On 18.12.2015 18:34, H. Steuer wrote: Hello Bill, you are right, but there is a serious side effect. Here's a statement from the Ba