This repository has been archived by the owner on Mar 19, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
director-resource-console-definitions.tex
121 lines (95 loc) · 3.81 KB
/
director-resource-console-definitions.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
\defDirective{Dir}{Console}{Catalog ACL}{}{}{%
This directive is used to specify a list of Catalog resource names that
can be accessed by the console.
}
\defDirective{Dir}{Console}{Client ACL}{}{}{%
This directive is used to specify a list of Client resource names that can be accessed by the console.
}
\defDirective{Dir}{Console}{Command ACL}{}{}{%
This directive is used to specify a list of of console commands that can
be executed by the console.
}
\defDirective{Dir}{Console}{Description}{}{}{%
}
\defDirective{Dir}{Console}{Fileset ACL}{}{}{%
This directive is used to specify a list of FileSet resource names that
can be accessed by the console.
}
\defDirective{Dir}{Console}{Job ACL}{}{}{%
This directive is used to specify a list of Job resource names that can
be accessed by the console. Without this directive, the console cannot
access any of the Director's Job resources. Multiple Job resource names
may be specified by separating them with commas, and/or by specifying
multiple JobACL directives. For example, the directive may be specified
as:
\bconfigInput{config/DirConsoleJobACL1.conf}
With the above specification, the console can access the Director's resources
for the four jobs named on the JobACL directives, but for no others.
}
\defDirective{Dir}{Console}{Name}{}{}{%
The name of the console. This name must match the name specified in the
Console's configuration resource (much as is the case with Client
definitions).
}
\defDirective{Dir}{Console}{Password}{}{}{%
Specifies the password that must be supplied for a named Bareos Console
to be authorized. The same password must appear in the {\bf Console}
resource of the Console configuration file. For added security, the
password is never actually passed across the network but rather a
challenge response hash code created with the password. This directive
is required.
The password is plain text. It is preferable for security reasons to choose
random text.
}
\defDirective{Dir}{Console}{Pluginoptions ACL}{}{}{%
}
\defDirective{Dir}{Console}{Pool ACL}{}{}{%
This directive is used to specify a list of Pool resource names that can be
accessed by the console.
}
\defDirective{Dir}{Console}{Run ACL}{}{}{%
}
\defDirective{Dir}{Console}{Schedule ACL}{}{}{%
This directive is used to specify a list of Schedule resource names that can
be accessed by the console.
}
\defDirective{Dir}{Console}{Storage ACL}{}{}{%
This directive is used to specify a list of Storage resource names that can
be accessed by the console.
}
\defDirective{Dir}{Console}{TLS Allowed CN}{}{}{%
}
\defDirective{Dir}{Console}{TLS Authenticate}{}{}{%
}
\defDirective{Dir}{Console}{TLS CA Certificate Dir}{}{}{%
}
\defDirective{Dir}{Console}{TLS CA Certificate File}{}{}{%
}
\defDirective{Dir}{Console}{TLS Certificate}{}{}{%
}
\defDirective{Dir}{Console}{TLS Certificate Revocation List}{}{}{%
}
\defDirective{Dir}{Console}{TLS DH File}{}{}{%
}
\defDirective{Dir}{Console}{TLS Enable}{}{}{%
Bareos can be configured to encrypt all its network traffic.
See chapter \nameref{TlsDirectives} to see,
how the Bareos Director (and the other components) must be configured to use TLS.
}
\defDirective{Dir}{Console}{TLS Key}{}{}{%
}
\defDirective{Dir}{Console}{TLS Require}{}{}{%
}
\defDirective{Dir}{Console}{TLS Verify Peer}{}{}{%
}
\defDirective{Dir}{Console}{Where ACL}{}{}{%
This directive permits you to specify where a restricted console
can restore files. If this directive is not specified, only the
default restore location is permitted (normally \file{/tmp/bareos-restores}.
If {\bf all} is specified any path the
user enters will be accepted (not very secure), any other
value specified (there may be multiple WhereACL directives) will
restrict the user to use that path. For example, on a Unix system,
if you specify "/", the file will be restored to the original
location. This directive is untested.
}