NAME
amanda-security.conf - Client configuration file for AmandaDESCRIPTION
is the security configuration file for Amanda. This manpage lists the relevant sections and parameters of this file. The file must be installed at /etc/amanda-security.conf and only root must be able to write to it. Good permission are: It must be readable by the amanda user and owned by root. Good permissions are:$ ls -l /etc/amanda-security.conf -rw-r--r--. 1 root root 1994 Jan 29 13:45 /etc/amanda-security.confAn example file should be installed at /etc/amanda/amanda-security.conf. All lines with '#' as the first character ar comment line.
SECURE BINARIES
The list of all executables amanda can execute as root. The format is as follow:AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARYThis file must contains realpath to executable, with all symbolic links resolved. You can use the 'realpath' command to find them. Multiple line can be added for the same 'AMANDA_PROGRAM:SYMBOLIC_NAME' if you are using multiple binaries. The 'AMANDA_PROGRAM:SYMBOLIC_NAME' can be any of the following: runtar:gnutar_path
The gnutar binary runtar is allowed to run.
The default is `amgetconf build.gnutar_path`
amgtar:gnutar_path
The gnutar binary amgtar is allowed to run.
The default is `amgetconf build.gnutar_path`
amstar:star_path
The star binary amstar is allowed to run. The
default is `amgetconf build.star_path`
ambsdtar:bsdtar_path
The bsdtar binary ambsdtar is allowed to run.
The default is `amgetconf build.bsdtar_path`
OTHERS SECURITY PARAMETERS
restore_by_amanda_user=[yes|no]Default: no. Set to 'yes' if you want the
amanda user to restore file as root, required only if you run amgtar, amstar
or ambsdtar as the amanda backup for recovery.
tcp_port_range=int,int
Default: no. Must be set to the range of
privileged tcp port amanda can use, required for bsdtcp and krb5 auth. The
range is inclusive
You can find the range you are configured to use with:
udp_port_range=int,int
amgetconf CONF reserved-udp-port
Default: no. Must be set to the range of
privileged udp port amanda can use, required for bsd and bsdudp auth. The
range is inclusive
You can find the range you are configured to use with:
amgetconf CONF reserved-udp-port
SEE ALSO
amanda(8), amanda.conf(5) The Amanda Wiki: : http://wiki.zmanda.com/AUTHOR
Jean-Louis Martineau <[email protected]>Zmanda, Inc. (http://www.zmanda.com)
12/01/2017 | Amanda 3.5.1 |