'\" t
.\" Title: amanda-security.conf
.\" Author: Jean-Louis Martineau <martineau@zmanda.com>
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 12/01/2017
.\" Manual: File formats and conventions
.\" Source: Amanda 3.5.1
.\" Language: English
.\"
.TH "AMANDA\-SECURITY\&.C" "5" "12/01/2017" "Amanda 3\&.5\&.1" "File formats and conventions"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
amanda-security.conf \- Client configuration file for Amanda
.SH "DESCRIPTION"
.PP
\fBamanda-security.conf\fR(5)
is the security configuration file for Amanda\&. This manpage lists the relevant sections and parameters of this file\&.
.PP
The file must be installed at
\fB/etc/amanda\-security\&.conf\fR
and only root must be able to write to it\&. Good permission are:
.PP
It must be readable by the amanda user and owned by root\&. Good permissions are:
.nf
$ ls \-l /etc/amanda\-security\&.conf
\-rw\-r\-\-r\-\-\&. 1 root root 1994 Jan 29 13:45 /etc/amanda\-security\&.conf
.fi
.PP
An example file should be installed at
\fB/etc/amanda/amanda\-security\&.conf\fR\&.
.PP
All lines with \*(Aq#\*(Aq as the first character ar comment line\&.
.SH "SECURE BINARIES"
.PP
The list of all executables amanda can execute as root\&. The format is as follow:
.sp
.nf
AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY
.fi
.PP
This file must contains realpath to executable, with all symbolic links resolved\&. You can use the \*(Aqrealpath\*(Aq command to find them\&.
.PP
Multiple line can be added for the same \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq if you are using multiple binaries\&.
.PP
The \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq can be any of the following:
.PP
runtar:gnutar_path
.RS 4
The gnutar binary runtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path`
.RE
.PP
amgtar:gnutar_path
.RS 4
The gnutar binary amgtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path`
.RE
.PP
amstar:star_path
.RS 4
The star binary amstar is allowed to run\&. The default is `amgetconf build\&.star_path`
.RE
.PP
ambsdtar:bsdtar_path
.RS 4
The bsdtar binary ambsdtar is allowed to run\&. The default is `amgetconf build\&.bsdtar_path`
.RE
.SH "OTHERS SECURITY PARAMETERS"
.PP
restore_by_amanda_user=[yes|no]
.RS 4
Default: no\&. Set to \*(Aqyes\*(Aq if you want the amanda user to restore file as root, required only if you run amgtar, amstar or ambsdtar as the amanda backup for recovery\&.
.RE
.PP
tcp_port_range=int,int
.RS 4
Default: no\&. Must be set to the range of privileged tcp port amanda can use, required for bsdtcp and krb5 auth\&. The range is inclusive
.sp
You can find the range you are configured to use with:
.nf
amgetconf CONF reserved\-udp\-port
.fi
.RE
.PP
udp_port_range=int,int
.RS 4
Default: no\&. Must be set to the range of privileged udp port amanda can use, required for bsd and bsdudp auth\&. The range is inclusive
.sp
You can find the range you are configured to use with:
.nf
amgetconf CONF reserved\-udp\-port
.fi
.RE
.SH "SEE ALSO"
.PP
\fBamanda\fR(8),
\fBamanda.conf\fR(5)
.PP
The Amanda Wiki:
: http://wiki.zmanda.com/
.SH "AUTHOR"
.PP
\fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&>
.RS 4
Zmanda, Inc\&. (http://www\&.zmanda\&.com)
.RE