Allowed Job Command and Allowed Script Dir docs

manuals/en/main/bareos-fd-resource-client-definitions.tex

@@ -10,9 +10,61 @@
 }
 
 \defDirective{Fd}{Client}{Allowed Job Command}{}{}{%
+This directive filters what type of jobs the filedaemon should allow.
+Until now we had the -b (backup only) and -r (restore only) flags which could
+be specified at the startup of the filedaemon.
+
+Allowed Job Command can be defined globally for all directors by
+adding it to the global filedaemon resource or for a specific director when
+added to the director resource.
+
+You specify all commands you want to be executed by the filedaemon. When you
+don't specify the option it will be empty which means all commands are allowed.
+
+The following example shows how to use this functionality:
+\bconfigInput{config/FdClientAllowedJobCommand1.conf}
+
+
+All commands that are allowed are specified each on a new line with the
+Allowed Job Command keyword.
+
+The following job commands are recognized:
+
+\begin{description}
+    \item[backup] allow backups to be made
+    \item[restore] allow restores to be done
+    \item[verify] allow verify jobs to be done
+    \item[estimate] allow estimate cmds to be executed
+    \item[runscript] allow runscripts to run
+\end{description}
+
+Only the important commands the filedaemon can perform are filtered, as
+some commands are part of the above protocols and by disallowing
+the action the other commands are not invoked at all.
+
+If runscripts are not needed it would we recommend as security measure to disable
+running those or only allow the commands that you really want to be used.
+
+Runscripts are particularly a problem as they allow the filedaemon to run
+arbitrary commands. You may also look into the Allowed Script Dir keyword to
+limit the impact of the runscript command.
 }
 
 \defDirective{Fd}{Client}{Allowed Script Dir}{}{}{%
+This directive limits the impact of the runscript command of the filedaemon.
+
+It can be specified either for all directors  by adding it to the global filedaemon resource
+or for a specific director when added to the director resource.
+
+All directories in which the scripts or commands are located
+that you allow to be run by the runscript command of the filedaemon. Any
+program not in one of these paths (or subpaths) cannot be used. The
+implementation checks if the full path of the script starts with one of the
+specified paths.
+
+The following example shows how to use this functionality:
+
+\bconfigInput{config/FdClientAllowedScriptDir1.conf}
 }
 
 \defDirective{Fd}{Client}{Always Use LMDB}{}{}{%

manuals/en/main/bareos-fd-resource-director-definitions.tex

@@ -2,9 +2,11 @@
 }
 
 \defDirective{Fd}{Director}{Allowed Job Command}{}{}{%
+see \linkResourceDirective{Fd}{Client}{Allowed Job Command}
 }
 
 \defDirective{Fd}{Director}{Allowed Script Dir}{}{}{%
+see \linkResourceDirective{Fd}{Client}{Allowed Script Dir}
 }
 
 \defDirective{Fd}{Director}{Description}{}{}{%

manuals/en/main/config/FdClientAllowedJobCommand1.conf

@@ -0,0 +1,6 @@
+Director {
+  Name = <name>
+  Password = <password>
+  Allowed Job Command = "backup"
+  Allowed Job Command = "runscript"
+}

manuals/en/main/config/FdClientAllowedScriptDir1.conf

@@ -0,0 +1,5 @@
+Director {
+  Name = <name>
+  Password = <password>
+  Allowed Script Dir = "/etc/bareos"
+}