[pkg-bacula-devel] Bug#683080: bacula-fd: build with libcap-dev, don't enable it by default
Geert Stappers
Geert.Stappers at vanadgroup.com
Wed Aug 8 07:29:30 UTC 2012
Op 20120807 om 22:18 schreef Elrond:
> On Fri, Aug 03, 2012 at 16:12:58 +0200, Luca Capello wrote:
> [...]
> > I would go even further: if I read it correctly, this should improves
> > security, so I was wondering if it would be better to have it by
> > default...
Please don't. Avoid stiffeling the restore.
> This is quite attractive, I can understand that.
>
> Really I would love to see this.
>
> BUT ...
>
> ... it will stop nice restores.
s/nice restore/plain restore/
> You have to restore to /tmp and all the restored files will
> be owned by nobody and not the original owner.
> I don't know if people are ready for this.
I'm a smart part of people,
I expect that a restore goes the same way as backup,
no so detour trough /tmp with chown.
> In a first step, I would suggest to add the capability
> support, so that users can play with this feature and
> learn.
>
> In a second step, I would suggest making it easy for users
> to enable this feature (maybe commented version in
> /etc/default/bacula-fd?)
> Or maybe add a debconf knob directly? So that people can
> enable it easily while installing bacula-fd on all of their
> client machines?
I do understand the good intention to add a new feature, but I think
that default "read only capability feature" for bacula-fd is wrong.
> Just my personal thoughts.
Yes, this E-mail is also sharing my thoughts (and worries).
<joke consider="some what sick">
To prevent bacula-fd default started with -k option,
I will not contribute any code.
</joke>
>
> Cheers
>
> Elrond
Groeten
Geert Stappers
Agreeing on the build with libcap-dev, not on enabling it by default
More information about the pkg-bacula-devel
mailing list