[pkg-bacula-devel] Bug#699149: Bug#699149: bacula-fd: should not run as 'root' by default

Teodor MICU mteodor at gmail.com
Wed Jan 30 09:19:13 UTC 2013

2013/1/29 Alexander Golovko <alexandro at ankalagon.ru>:
>>   ARGS="-u bacula -g bacula -k"
>> I think that from a security perspective this should be the default
>> on package installation.
> This will lead to impossibility to restore backups without
> restarting bacula-fd. This is also can require changing user scripts
> for dump databases and such. This can confuse peoples.

I'm having this setup and I can restore backups just fine. Of course,
the restore directory must be rwx by bacula or mode 1777.

About the other thing (ie. dump databases), I can't tell.

> I think, we should not change defaults, however, this functionality
> described in README.Debian.gz (USERS & SECURITY).

But you do for bacula-dir and bacula-sd, why not for bacula-fd?

> bacula-fd init script correctly work without /e/d/bacula-fd.

Right. I thought that it depends on setting ENABLED="yes" but I see
now that it checks for "no".

> But there is a reason for set defaults in init scripts for
> bacula-director and bacula-sd and comment defaults in /e/d/bacula-*

Can you detail a little? I don't understand what you're trying to say.


More information about the pkg-bacula-devel mailing list