4 \chapter{Console Configuration}
5 \label{ConsoleConfChapter}
6 \index[general]{Configuration!Console}
7 \index[general]{Console Configuration}
10 \index[general]{General}
12 The Console configuration file is the simplest of all the configuration files,
13 and in general, you should not need to change it except for the password. It
14 simply contains the information necessary to contact the Director or
17 For a general discussion of the syntax of configuration files and their
18 resources including the data types recognized by {\bf Bacula}, please see
19 the \ilink{Configuration}{ConfigureChapter} chapter of this manual.
21 The following Console Resource definition must be defined:
23 \section{The Director Resource}
24 \label{DirectorResource3}
25 \index[general]{Director Resource}
26 \index[general]{Resource!Director}
28 The Director resource defines the attributes of the Director running on the
29 network. You may have multiple Director resource specifications in a single
30 Console configuration file. If you have more than one, you will be prompted to
31 choose one when you start the {\bf Console} program.
35 \index[console]{Director}
36 Start of the Director directives.
38 \item [Name = \lt{}name\gt{}]
40 The director name used to select among different Directors, otherwise, this
43 \item [DIRPort = \lt{}port-number\gt{}]
45 Specify the port to use to connect to the Director. This value will most
46 likely already be set to the value you specified on the {\bf
47 \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
48 identical to the {\bf DIRport} specified in the {\bf Director} resource of
49 the \ilink{Director's configuration}{DirectorChapter} file. The
50 default is 9101 so this directive is not normally specified.
52 \item [Address = \lt{}address\gt{}]
54 Where the address is a host name, a fully qualified domain name, or a network
55 address used to connect to the Director.
57 \item [Password = \lt{}password\gt{}]
59 Where the password is the password needed for the Director to accept the
60 Console connection. This password must be identical to the {\bf Password}
61 specified in the {\bf Director} resource of the
62 \ilink{Director's configuration}{DirectorChapter} file. This
63 directive is required.
66 An actual example might be:
72 address = rufus.cats.com
73 password = xyz1erploit
78 \section{The ConsoleFont Resource}
79 \index[general]{Resource!ConsoleFont}
80 \index[general]{ConsoleFont Resource}
82 The ConsoleFont resource is available only in the GNOME version of the
83 console. It permits you to define the font that you want used to display in
84 the main listing window.
89 \index[console]{ConsoleFont}
90 Start of the ConsoleFont directives.
92 \item [Name = \lt{}name\gt{}]
96 \item [Font = \lt{}Pango Font Name\gt{}]
98 The string value given here defines the desired font. It is specified in the
99 Pango format. For example, the default specification is:
103 Font = "LucidaTypewriter 9"
109 Thanks to Phil Stracchino for providing the code for this feature.
111 An different example might be:
117 Font = "Monospace 10"
122 \section{The Console Resource}
123 \label{ConsoleResource}
124 \index[general]{Console Resource}
125 \index[general]{Resource!Console}
127 As of Bacula version 1.33 and higher, there are three different kinds of
128 consoles, which the administrator or user can use to interact with the
129 Director. These three kinds of consoles comprise three different security
133 \item The first console type is an {\bf anonymous} or {\bf default} console,
134 which has full privileges. There is no console resource necessary for this
135 type since the password is specified in the Director resource. This is the
136 kind of console that was initially implemented in versions prior to 1.33 and
137 remains valid. Typically you would use it only for administrators.
139 \item The second type of console, and new to version 1.33 and higher is a
140 "named" or "restricted" console defined within a Console resource in
141 both the Director's configuration file and in the Console's
142 configuration file. Both the names and the passwords in these two
143 entries must match much as is the case for Client programs.
145 This second type of console begins with absolutely no privileges except
146 those explicitly specified in the Director's Console resource. Note,
147 the definition of what these restricted consoles can do is determined
148 by the Director's conf file.
150 Thus you may define within the Director's conf file multiple Consoles
151 with different names and passwords, sort of like multiple users, each
152 with different privileges. As a default, these consoles can do
153 absolutely nothing -- no commands what so ever. You give them
154 privileges or rather access to commands and resources by specifying
155 access control lists in the Director's Console resource. This gives the
156 administrator fine grained control over what particular consoles (or
159 \item The third type of console is similar to the above mentioned
160 restricted console in that it requires a Console resource definition in
161 both the Director and the Console. In addition, if the console name,
162 provided on the {\bf Name =} directive, is the same as a Client name,
163 the user of that console is permitted to use the {\bf SetIP} command to
164 change the Address directive in the Director's client resource to the IP
165 address of the Console. This permits portables or other machines using
166 DHCP (non-fixed IP addresses) to "notify" the Director of their current
170 The Console resource is optional and need not be specified. However, if it is
171 specified, you can use ACLs (Access Control Lists) in the Director's
172 configuration file to restrict the particular console (or user) to see only
173 information pertaining to his jobs or client machine.
175 You may specify as many Console resources in the console's conf file. If
176 you do so, generally the first Console resource will be used. However, if
177 you have multiple Director resources (i.e. you want to connect to different
178 directors), you can bind one of your Console resources to a particular
179 Director resource, and thus when you choose a particular Director, the
180 appropriate Console configuration resource will be used. See the "Director"
181 directive in the Console resource described below for more information.
183 Note, the Console resource is optional, but can be useful for
184 restricted consoles as noted above.
188 \index[console]{Console}
189 Start of the Console resource.
191 \item [Name = \lt{}name\gt{}]
192 \index[console]{Name}
193 The Console name used to allow a restricted console to change
194 its IP address using the SetIP command. The SetIP command must
195 also be defined in the Director's conf CommandACL list.
198 \item [Password = \lt{}password\gt{}]
199 \index[dir]{Password}
200 If this password is supplied, then the password specified in the
201 Director resource of you Console conf will be ignored. See below
204 \item [Director = \lt{}director-resource-name\gt{}]
205 If this directive is specified, this Console resource will be
206 used by bconsole when that particular director is selected
207 when first starting bconsole. I.e. it binds a particular console
208 resource with its name and password to a particular director.
212 The following configuration files were supplied by Phil Stracchino. For
213 example, if we define the following in the user's bconsole.conf file (or
214 perhaps the wx-console.conf file):
222 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
227 Name = restricted-user
228 Password = "UntrustedUser"
233 Where the Password in the Director section is deliberately incorrect, and the
234 Console resource is given a name, in this case {\bf restricted-client}. Then
235 in the Director's bacula-dir.conf file (not directly accessible by the user),
241 Name = restricted-user
242 Password = "UntrustedUser"
243 JobACL = "Restricted Client Save"
244 ClientACL = restricted-client
245 StorageACL = main-storage
248 FileSetACL = "Restricted Client's FileSet"
249 CatalogACL = DefaultCatalog
255 the user logging into the Director from his Console will get logged in as {\bf
256 restricted-client}, and he will only be able to see or access a Job with the
257 name {\bf Restricted Client Save} a Client with the name {\bf
258 restricted-client}, a Storage device {\bf main-storage}, any Schedule or Pool,
259 a FileSet named {\bf Restricted Client's File}, a Catalog named {\bf
260 DefaultCatalog}, and the only command he can use in the Console is the {\bf
261 run} command. In other words, this user is rather limited in what he can see
264 The following is an example of a bconsole conf file that can access
265 several Directors and has different Consoles depending on the director:
273 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
277 Name = SecondDirector
279 Address = secondserver
280 Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
284 Name = restricted-user
285 Password = "UntrustedUser"
286 Director = MyDirector
290 Name = restricted-user
291 Password = "A different UntrustedUser"
292 Director = SecondDirector
297 The second Director referenced at "secondserver" might look
303 Name = restricted-user
304 Password = "A different UntrustedUser"
305 JobACL = "Restricted Client Save"
306 ClientACL = restricted-client
307 StorageACL = second-storage
310 FileSetACL = "Restricted Client's FileSet"
311 CatalogACL = RestrictedCatalog
312 CommandACL = run, restore
320 \section{Console Commands}
321 \index[general]{Console Commands}
322 \index[general]{Commands!Console}
324 For more details on running the console and its commands, please see the
325 \ilink{Bacula Console}{_ConsoleChapter} chapter of this manual.
327 \section{Sample Console Configuration File}
328 \label{SampleConfiguration2}
329 \index[general]{File!Sample Console Configuration}
330 \index[general]{Sample Console Configuration File}
332 An example Console configuration file might be the following:
337 # Bacula Console Configuration File
341 address = "my_machine.my_domain.com"
342 Password = Console_password