[pkg-bacula-devel] Bug#699149: Bug#699149: bacula-fd: should not run as 'root' by default
Teodor MICU
mteodor at gmail.com
Wed Jan 30 09:19:13 UTC 2013
2013/1/29 Alexander Golovko <alexandro at ankalagon.ru>:
>> ARGS="-u bacula -g bacula -k"
>>
>> I think that from a security perspective this should be the default
>> on package installation.
>
> This will lead to impossibility to restore backups without
> restarting bacula-fd. This is also can require changing user scripts
> for dump databases and such. This can confuse peoples.
I'm having this setup and I can restore backups just fine. Of course,
the restore directory must be rwx by bacula or mode 1777.
About the other thing (ie. dump databases), I can't tell.
> I think, we should not change defaults, however, this functionality
> described in README.Debian.gz (USERS & SECURITY).
But you do for bacula-dir and bacula-sd, why not for bacula-fd?
> bacula-fd init script correctly work without /e/d/bacula-fd.
Right. I thought that it depends on setting ENABLED="yes" but I see
now that it checks for "no".
> But there is a reason for set defaults in init scripts for
> bacula-director and bacula-sd and comment defaults in /e/d/bacula-*
Can you detail a little? I don't understand what you're trying to say.
Cheers
More information about the pkg-bacula-devel
mailing list