[pkg-bacula-devel] Bug#683080: Bug#683080: bacula-fd: build with libcap-dev, don't enable it by default

Luca Capello luca at pca.it
Fri Aug 10 13:40:18 UTC 2012


Hi there!

Re-adding Enlrond to the Cc:, I am sorry if you are subscribed to
pkg-bacula-devel@ and thus get this twice.

On Wed, 08 Aug 2012 09:29:30 +0200, Geert Stappers wrote:
> Op 20120807 om 22:18 schreef Elrond:
>> On Fri, Aug 03, 2012 at 16:12:58 +0200, Luca Capello wrote:
>> [...]
>> > I would go even further: if I read it correctly, this should improves
>> > security, so I was wondering if it would be better to have it by
>> > default...
>
> Please don't. Avoid stiffeling the restore.
[...]
>> You have to restore to /tmp and all the restored files will
>> be owned by nobody and not the original owner.
>> I don't know if people are ready for this.
>
> I'm a smart part of people,
> I expect that a restore goes the same way as backup,
> no so detour trough /tmp with chown.

Fully ACK, I did not try the other part of the pie before shouting my
opinion, sorry :-0

>> In a first step, I would suggest to add the capability
>> support, so that users can play with this feature and
>> learn.
>> 
>> In a second step, I would suggest making it easy for users
>> to enable this feature (maybe commented version in
>> /etc/default/bacula-fd?)
>> Or maybe add a debconf knob directly? So that people can
>> enable it easily while installing bacula-fd on all of their
>> client machines?

Good options, even if I now fails to see who would like to use such an
option if it renders restoring harder.

Thx, bye,
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20120810/4e7ca98c/attachment.pgp>


More information about the pkg-bacula-devel mailing list