1 Baculum - Bacula web interface
5 1. Customized and restricted consoles
6 2. Baculum users configuration file
9 ================================================================================
11 === 1. Customized and restricted consoles ===
13 Baculum supports customized and restricted consoles for each logged in user.
15 Before using customized and restricted consoles please check location for
16 bconsole configuration files for each user. For do it, there is need to run
17 on Baculum webGUI configuration wizard and there is need to go to "Console"
18 wizard step (fourth step).
20 In "Console" wizard step there is field defined as:
22 Bconsole custom config file path: __________________
24 In this field there is required to define location for restricted consoles.
25 In defined path exists one keyword {user}. It will be replaced into current
28 For example, if logged is user named "john", keyword {user} will be replaced
34 "Bconsole custom config file path" is defined as:
36 /usr/local/bacula/etc/bconsole-{user}.conf
38 After log in user "john" to Baculum webGUI, for each bconsole request will be
41 /usr/local/bacula/etc/bconsole-john.conf
43 It makes available to define some specific console access (or restricted access)
44 for each Baculum user.
46 For user named "willy" in above configured path according bconsole configuration
49 /usr/local/bacula/etc/bconsole-willy.conf
56 In configuration wizard step "Console" there is also field:
58 "Bconsole admin config file path:": ___________________
60 Config file defined in this field will be used by administrator only. For this
61 reason the best parctice is define here console configuration file that gives
62 full access for administrator.
64 Administrator user and password will be defined in next configuration wizard
65 step named "Authorization" (fifth step).
68 Baculum users are defined on web server level as described in instriction
69 in attached to Baculum INSTALL file.
73 For creating users "john" and "willy" as Baculum HTTP Basic authorization users
74 there is need to create this users for example by:
76 # htpasswd /some/location/htpasswd/file john
78 # htpasswd /some/location/htpasswd/file willy
80 For case using other HTTP Basic authorization backends (for example LDAP) there
81 is need to define these users in this specific service.
84 Example of content custom consoles configuration file is below:
87 Name = "BaculaRestrictedUser"
88 Password = "XXXXXXXXX"
89 CommandACL = show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,
90 .bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
93 JobACL = somejob1,userjob
96 FileSetACL = somejob1-fileset,userjobFileSet3
100 After defining these ACL there is also need to define the console access to
101 Director service in Bacula Director configuration file as Console{} resource.
106 Please note that in above example in CommandACL are shown the most
107 essential commands necessary for proper working of Baculum webGUI and
108 possibility do to restore action (all .bvfs_* command and "restore"
111 Below are the same necessary commands broke one per line:
129 Catalog Database restriction
131 Because Baculum in few parts of interface uses data from Bacula Catalog Database,
132 for each user who IS NOT administrator there has beed disabled EVERY write to
133 Bacula Catalog database by Baculum webGUI. Modification Bacula Catalog Database
134 tables is possible ONLY for Baculum administrator.
136 Additionally because of Console ACL functionality does not support restriction
137 on media/volumes level, access to media/volumes has been disabled for all users
138 except administrator.
141 Configuration wizard restriction
143 For security reason there has been disabled access to Configuration Wizard
144 function for all users except administrator.
147 ================================================================================
149 === 2. Baculum users configuration file for Lighttpd ===
151 There is possible to manage Baculum administrator login and password directly
152 in configuration wizard step titled "Step 5 - authorization params to Baculum".
154 It means that Baculum administrator may change administrator auth params by
155 configuration wizard.
157 So far in Step 5 configuration wizard there were need to input admin auth params
158 the same as in pre-defined file by "htpasswd" program.
160 For getting possibility to change admin login and password on wizard level
161 there is need to run Baculum on Lighttpd web server and create admin password
164 protected/Data/baculum.users
168 someuser:somepassword
169 myser123:password3213
174 Login and password are stored as plain text.
176 Next in Lighttpd web server configuration file is need to define above file
177 as authfile for access to Baculum, for example:
179 auth.backend = "plain"
180 auth.backend.plain.userfile = "/var/www/baculum/protected/Data/baculum.users"
181 auth.require = ( "/" => (
183 "realm" => "Baculum Auth",
184 "require" => "valid-user"
188 Sample with whole Lighttpd configuration file you can find in directory:
190 examples/baculum.lighttpd.conf
193 Due to Apache web server can use plain text password only for Windows,
194 BEOS and Netware systems, described admin auth modification is not supported
198 Functionality has been tested with Lighttpd. It has not been tested with other
199 web servers that supports plain text stored password.
202 ================================================================================
206 a) Why Jobs list and/or Media list windows do not show any content?
208 In case when in Bacula Catalog database exist a lot of finished Jobs or Media
209 records, for example more than 2000, and window with Jobs or Media list do not
210 show any content, then please consider increase "memory_limit" option in php.ini
211 PHP configuration file to higher value than 256M. There is also possible to set
212 limit window list elements on webGUI in window tools option (on window bottom
213 bar), without changing "memory_limit" value.