|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
|
|
Packit Service |
392537 |
[
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
%global_entities;
|
|
Packit Service |
392537 |
]>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<refentry id='amanda-security.conf.5'>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<refmeta>
|
|
Packit Service |
392537 |
<refentrytitle>amanda-security.conf</refentrytitle>
|
|
Packit Service |
392537 |
<manvolnum>5</manvolnum>
|
|
Packit Service |
392537 |
&rmi.source;
|
|
Packit Service |
392537 |
&rmi.version;
|
|
Packit Service |
392537 |
&rmi.manual.5;
|
|
Packit Service |
392537 |
</refmeta>
|
|
Packit Service |
392537 |
<refnamediv>
|
|
Packit Service |
392537 |
<refname>amanda-security.conf</refname>
|
|
Packit Service |
392537 |
<refpurpose>Client configuration file for Amanda</refpurpose>
|
|
Packit Service |
392537 |
</refnamediv>
|
|
Packit Service |
392537 |
<refentryinfo>
|
|
Packit Service |
392537 |
&author.jlm;
|
|
Packit Service |
392537 |
</refentryinfo>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<refsect1><title>DESCRIPTION</title>
|
|
Packit Service |
392537 |
<para>&amsecurityconf; is the security configuration file for Amanda. This manpage lists the
|
|
Packit Service |
392537 |
relevant sections and parameters of this file.</para>
|
|
Packit Service |
392537 |
<para>The file must be installed at <emphasis remap='B'>/etc/amanda-security.conf</emphasis> and only root must be able to write to it. Good permission are:</para>
|
|
Packit Service |
392537 |
<para>It must be readable by the amanda user and owned by root. Good permissions are:</para>
|
|
Packit Service |
392537 |
<programlisting>
|
|
Packit Service |
392537 |
$ ls -l /etc/amanda-security.conf
|
|
Packit Service |
392537 |
-rw-r--r--. 1 root root 1994 Jan 29 13:45 /etc/amanda-security.conf
|
|
Packit Service |
392537 |
</programlisting>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<para>An example file should be installed at <emphasis remap='B'>/etc/amanda/amanda-security.conf</emphasis>.</para>
|
|
Packit Service |
392537 |
<para>All lines with '#' as the first character ar comment line.</para>
|
|
Packit Service |
392537 |
</refsect1>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<refsect1><title>SECURE BINARIES</title>
|
|
Packit Service |
392537 |
<para>The list of all executables amanda can execute as root.
|
|
Packit Service |
392537 |
The format is as follow:
|
|
Packit Service |
392537 |
<programlisting>
|
|
Packit Service |
392537 |
AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY
|
|
Packit Service |
392537 |
</programlisting></para>
|
|
Packit Service |
392537 |
<para>This file must contains realpath to executable, with all symbolic links resolved.
|
|
Packit Service |
392537 |
You can use the 'realpath' command to find them.</para>
|
|
Packit Service |
392537 |
<para>Multiple line can be added for the same 'AMANDA_PROGRAM:SYMBOLIC_NAME' if you are using multiple binaries.</para>
|
|
Packit Service |
392537 |
<para>The 'AMANDA_PROGRAM:SYMBOLIC_NAME' can be any of the following:</para>
|
|
Packit Service |
392537 |
<variablelist remap='TP'>
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>runtar:gnutar_path</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>The gnutar binary runtar is allowed to run. The default is `amgetconf build.gnutar_path`</para></listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>amgtar:gnutar_path</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>The gnutar binary amgtar is allowed to run. The default is `amgetconf build.gnutar_path`</para></listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>amstar:star_path</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>The star binary amstar is allowed to run. The default is `amgetconf build.star_path`</para></listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>ambsdtar:bsdtar_path</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>The bsdtar binary ambsdtar is allowed to run. The default is `amgetconf build.bsdtar_path`</para></listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
</variablelist>
|
|
Packit Service |
392537 |
</refsect1>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<refsect1>
|
|
Packit Service |
392537 |
<title>OTHERS SECURITY PARAMETERS</title>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<variablelist remap='TP'>
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>restore_by_amanda_user=[yes|no]</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>Default: no. Set to 'yes' if you want the amanda user to restore file as root, required only if you run amgtar, amstar or ambsdtar as the amanda backup for recovery.</para></listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>tcp_port_range=int,int</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>Default: no. Must be set to the range of privileged tcp port amanda
|
|
Packit Service |
392537 |
can use, required for bsdtcp and krb5 auth.
|
|
Packit Service |
392537 |
The range is inclusive</para>
|
|
Packit Service |
392537 |
<para> You can find the range you are configured to use with:</para>
|
|
Packit Service |
392537 |
<programlisting>
|
|
Packit Service |
392537 |
amgetconf CONF reserved-udp-port
|
|
Packit Service |
392537 |
</programlisting>
|
|
Packit Service |
392537 |
</listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<varlistentry>
|
|
Packit Service |
392537 |
<term>udp_port_range=int,int</term>
|
|
Packit Service |
392537 |
<listitem>
|
|
Packit Service |
392537 |
<para>Default: no. Must be set to the range of privileged udp port amanda
|
|
Packit Service |
392537 |
can use, required for bsd and bsdudp auth.
|
|
Packit Service |
392537 |
The range is inclusive</para>
|
|
Packit Service |
392537 |
<para> You can find the range you are configured to use with:</para>
|
|
Packit Service |
392537 |
<programlisting>
|
|
Packit Service |
392537 |
amgetconf CONF reserved-udp-port
|
|
Packit Service |
392537 |
</programlisting>
|
|
Packit Service |
392537 |
</listitem>
|
|
Packit Service |
392537 |
</varlistentry>
|
|
Packit Service |
392537 |
</variablelist>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
</refsect1>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
<seealso>
|
|
Packit Service |
392537 |
<manref name="amanda.conf" vol="5"/>,
|
|
Packit Service |
392537 |
</seealso>
|
|
Packit Service |
392537 |
|
|
Packit Service |
392537 |
</refentry>
|
|
Packit Service |
392537 |
|