Attachments: Message as HTML
First of all I'm don't have much experience.
I'm using bacula 2.0.2 on openSUSE 10.2.
My problem is that I want to restrict where a named console(supposed to
belong to a user) can do it's restores. I have tried to set WhereACL =
"/tmp/bacula-restores", but when I run the restore y use the mod option and
it lets me do the restore anywhere I want. I want to restrict restore paths.
Here are the configuration files:
- user1.conf (bconsole.conf):
Director {
Name = linux-portatil-dir
DIRport = 9101
address = linux-portatil
Password = "x"
}
Console {
Name = usuario1
Password = "aceroazul"
}
- bconsole.conf:
Director { # define myself
Name = linux-portatil-dir
...
QueryFile = "/etc/bacula/query.sql"
Maximum Concurrent Jobs = 1
Password = "x" # Console password
}
Console {
Name = usuario1
Password = "aceroazul"
CatalogACL = MyCatalog
ClientACL = linux-portatil-fd
JobACL = RestoreFiles
PoolACL = Default
StorageACL = File
FileSetACL = "Full Set"
CommandACL = status, restore
WhereACL = "/tmp/bacula-restores"
}
Job {
Name = "RestoreFiles"
Type = Restore
Client=linux-portatil-fd
FileSet="Full Set"
Storage = File
Pool = Default
Where = /tmp/bacula-restores
}
FileSet {
Name = "Full Set"
Include { File = /home/bacula/bacula-2.0.2 }
}
Catalog {
Name = MyCatalog
dbname = bacula; user = bacula; password = "x"
}
I also executed ./bconsole usuario1 as non root and it would still let
me write anywhere. I guess that's because director is being executed
as root.
One more thing. I've been reading the user's mailing list to find out
about managing users. If I don't want user A to restore information
belonging to user B, is having one catalog per user the right
solution?
