|
Packit Service |
392537 |
'\" t
|
|
Packit Service |
392537 |
.\" Title: amanda-security.conf
|
|
Packit Service |
392537 |
.\" Author: Jean-Louis Martineau <martineau@zmanda.com>
|
|
Packit Service |
392537 |
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
|
|
Packit Service |
392537 |
.\" Date: 12/01/2017
|
|
Packit Service |
392537 |
.\" Manual: File formats and conventions
|
|
Packit Service |
392537 |
.\" Source: Amanda 3.5.1
|
|
Packit Service |
392537 |
.\" Language: English
|
|
Packit Service |
392537 |
.\"
|
|
Packit Service |
392537 |
.TH "AMANDA\-SECURITY\&.C" "5" "12/01/2017" "Amanda 3\&.5\&.1" "File formats and conventions"
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.\" * Define some portability stuff
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
392537 |
.\" http://bugs.debian.org/507673
|
|
Packit Service |
392537 |
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
|
|
Packit Service |
392537 |
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit Service |
392537 |
.ie \n(.g .ds Aq \(aq
|
|
Packit Service |
392537 |
.el .ds Aq '
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.\" * set default formatting
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.\" disable hyphenation
|
|
Packit Service |
392537 |
.nh
|
|
Packit Service |
392537 |
.\" disable justification (adjust text to left margin only)
|
|
Packit Service |
392537 |
.ad l
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.\" * MAIN CONTENT STARTS HERE *
|
|
Packit Service |
392537 |
.\" -----------------------------------------------------------------
|
|
Packit Service |
392537 |
.SH "NAME"
|
|
Packit Service |
392537 |
amanda-security.conf \- Client configuration file for Amanda
|
|
Packit Service |
392537 |
.SH "DESCRIPTION"
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
\fBamanda-security.conf\fR(5)
|
|
Packit Service |
392537 |
is the security configuration file for Amanda\&. This manpage lists the relevant sections and parameters of this file\&.
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
The file must be installed at
|
|
Packit Service |
392537 |
\fB/etc/amanda\-security\&.conf\fR
|
|
Packit Service |
392537 |
and only root must be able to write to it\&. Good permission are:
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
It must be readable by the amanda user and owned by root\&. Good permissions are:
|
|
Packit Service |
392537 |
.nf
|
|
Packit Service |
392537 |
$ ls \-l /etc/amanda\-security\&.conf
|
|
Packit Service |
392537 |
\-rw\-r\-\-r\-\-\&. 1 root root 1994 Jan 29 13:45 /etc/amanda\-security\&.conf
|
|
Packit Service |
392537 |
.fi
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
An example file should be installed at
|
|
Packit Service |
392537 |
\fB/etc/amanda/amanda\-security\&.conf\fR\&.
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
All lines with \*(Aq#\*(Aq as the first character ar comment line\&.
|
|
Packit Service |
392537 |
.SH "SECURE BINARIES"
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
The list of all executables amanda can execute as root\&. The format is as follow:
|
|
Packit Service |
392537 |
.sp
|
|
Packit Service |
392537 |
.nf
|
|
Packit Service |
392537 |
AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY
|
|
Packit Service |
392537 |
.fi
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
This file must contains realpath to executable, with all symbolic links resolved\&. You can use the \*(Aqrealpath\*(Aq command to find them\&.
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
Multiple line can be added for the same \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq if you are using multiple binaries\&.
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
The \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq can be any of the following:
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
runtar:gnutar_path
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
The gnutar binary runtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path`
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
amgtar:gnutar_path
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
The gnutar binary amgtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path`
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
amstar:star_path
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
The star binary amstar is allowed to run\&. The default is `amgetconf build\&.star_path`
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
ambsdtar:bsdtar_path
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
The bsdtar binary ambsdtar is allowed to run\&. The default is `amgetconf build\&.bsdtar_path`
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.SH "OTHERS SECURITY PARAMETERS"
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
restore_by_amanda_user=[yes|no]
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
Default: no\&. Set to \*(Aqyes\*(Aq if you want the amanda user to restore file as root, required only if you run amgtar, amstar or ambsdtar as the amanda backup for recovery\&.
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
tcp_port_range=int,int
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
Default: no\&. Must be set to the range of privileged tcp port amanda can use, required for bsdtcp and krb5 auth\&. The range is inclusive
|
|
Packit Service |
392537 |
.sp
|
|
Packit Service |
392537 |
You can find the range you are configured to use with:
|
|
Packit Service |
392537 |
.nf
|
|
Packit Service |
392537 |
amgetconf CONF reserved\-udp\-port
|
|
Packit Service |
392537 |
.fi
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
udp_port_range=int,int
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
Default: no\&. Must be set to the range of privileged udp port amanda can use, required for bsd and bsdudp auth\&. The range is inclusive
|
|
Packit Service |
392537 |
.sp
|
|
Packit Service |
392537 |
You can find the range you are configured to use with:
|
|
Packit Service |
392537 |
.nf
|
|
Packit Service |
392537 |
amgetconf CONF reserved\-udp\-port
|
|
Packit Service |
392537 |
.fi
|
|
Packit Service |
392537 |
.RE
|
|
Packit Service |
392537 |
.SH "SEE ALSO"
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
\fBamanda\fR(8),
|
|
Packit Service |
392537 |
\fBamanda.conf\fR(5)
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
The Amanda Wiki:
|
|
Packit Service |
392537 |
: http://wiki.zmanda.com/
|
|
Packit Service |
392537 |
.SH "AUTHOR"
|
|
Packit Service |
392537 |
.PP
|
|
Packit Service |
392537 |
\fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&>
|
|
Packit Service |
392537 |
.RS 4
|
|
Packit Service |
392537 |
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
|
|
Packit Service |
392537 |
.RE
|