Masopust, Christian wrote:
> Hello,
>
> i tried to configure my wxconsole to only allow the "restore mode".
>
>
> my bacula-dir.conf is:
>
> Director { # define myself
> Name = atpcc7fc-dir
> DIRport = 9101 # where we listen for UA connections
> QueryFile = "/opt/bacula/etc/query.sql"
> WorkingDirectory = "/var/bacula"
> PidDirectory = "/var/run"
> Password = "DirectorPassword"
> Messages = Daemon
> Maximum Concurrent Jobs = 20
> FD Connect Timeout = 5 minutes
> }
>
> ....
>
> Console {
> Name = RestoreClients
> Password = "RestorePassword"
> ClientACL = *all*
> StorageACL = *all*
> JobACL = RestoreFiles
> CatalogACL = DefaultCatalog
> }
>
> ...
>
>
> wx-console.conf is:
>
> Director {
> Name = atpcc7fc-dir
> DIRport = 9101
> address = <director-dns>
> Password = "DirectorPassword"
> }
>
> Console {
> Name = RestoreClients
> Password = "RestorePassword"
> }
>
> then i'll don't get any filesets from the director (.filesets gives empty
> list, no
> error-message). so, what is wrong with my "Console" in bacula-dir.conf?
> What are the correct ACL-settings so that only restore (and maybe status)
> commands
> are possible?
>
> thanks a lot,
> christian
In the director, try :
Console {
Name = RestoreClients
Password = "RestorePassword"
ClientACL = *all*
PoolACL = *all*
StorageACL = *all*
JobACL = RestoreFiles
FileSetACL = <the fileset used with backup>
CatalogACL = DefaultCatalog
CommandACL = restore , status, .status, quit,q , help, messages,m
}
In your wx-console.conf , change
Password = "DirectorPassword" to
Password = "bogus password, NOT the director or restore password"
And the console will forced to use the RestorePassword in the Console{}
section , and ACL's will apply.
At least this is how I got it to work. , but I have one
ClientACL,JobACL,FileSetACL for each client, and 4 different
pools, and also allow "run" in the CommandACL so a backup can be started
from the client. Well, I don't think it's wise to allow *all* in the
ClientACL , I have ONE client that can do this, but that one has the
directors password in the Director {} section and can do anything,
and have no ACL directives at all.
/birre
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users
