+++ /dev/null
-%%
-%%
-
-\chapter{Console Configuration}
-\label{ConsoleConfChapter}
-\index[general]{Configuration!Console}
-\index[general]{Console Configuration}
-
-\section{General}
-\index[general]{General}
-
-The Console configuration file is the simplest of all the configuration files,
-and in general, you should not need to change it except for the password. It
-simply contains the information necessary to contact the Director or
-Directors.
-
-For a general discussion of the syntax of configuration files and their
-resources including the data types recognized by {\bf Bacula}, please see
-the \ilink{Configuration}{ConfigureChapter} chapter of this manual.
-
-The following Console Resource definition must be defined:
-
-\section{The Director Resource}
-\label{DirectorResource3}
-\index[general]{Director Resource}
-\index[general]{Resource!Director}
-
-The Director resource defines the attributes of the Director running on the
-network. You may have multiple Director resource specifications in a single
-Console configuration file. If you have more than one, you will be prompted to
-choose one when you start the {\bf Console} program.
-
-\begin{description}
-\item [Director]
- \index[console]{Director}
- Start of the Director directives.
-
-\item [Name = \lt{}name\gt{}]
- \index[console]{Name}
- The director name used to select among different Directors, otherwise, this
- name is not used.
-
-\item [DIRPort = \lt{}port-number\gt{}]
- \index[dir]{DIRPort}
- Specify the port to use to connect to the Director. This value will most
- likely already be set to the value you specified on the {\bf
- \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
- identical to the {\bf DIRport} specified in the {\bf Director} resource of
- the \ilink{Director's configuration}{DirectorChapter} file. The
- default is 9101 so this directive is not normally specified.
-
-\item [Address = \lt{}address\gt{}]
- \index[dir]{Address}
- Where the address is a host name, a fully qualified domain name, or a network
- address used to connect to the Director.
-
-\item [Password = \lt{}password\gt{}]
- \index[dir]{Password}
- Where the password is the password needed for the Director to accept the
- Console connection. This password must be identical to the {\bf Password}
- specified in the {\bf Director} resource of the
- \ilink{Director's configuration}{DirectorChapter} file. This
- directive is required.
-\end{description}
-
-An actual example might be:
-
-\footnotesize
-\begin{verbatim}
-Director {
- Name = HeadMan
- address = rufus.cats.com
- password = xyz1erploit
-}
-\end{verbatim}
-\normalsize
-
-\section{The ConsoleFont Resource}
-\index[general]{Resource!ConsoleFont}
-\index[general]{ConsoleFont Resource}
-
-The ConsoleFont resource is available only in the GNOME version of the
-console. It permits you to define the font that you want used to display in
-the main listing window.
-
-\begin{description}
-
-\item [ConsoleFont]
- \index[console]{ConsoleFont}
- Start of the ConsoleFont directives.
-
-\item [Name = \lt{}name\gt{}]
- \index[console]{Name}
- The name of the font.
-
-\item [Font = \lt{}Pango Font Name\gt{}]
- \index[console]{Font}
- The string value given here defines the desired font. It is specified in the
- Pango format. For example, the default specification is:
-
-\footnotesize
-\begin{verbatim}
-Font = "LucidaTypewriter 9"
-\end{verbatim}
-\normalsize
-
-\end{description}
-
-Thanks to Phil Stracchino for providing the code for this feature.
-
-An different example might be:
-
-\footnotesize
-\begin{verbatim}
-ConsoleFont {
- Name = Default
- Font = "Monospace 10"
-}
-\end{verbatim}
-\normalsize
-
-\section{The Console Resource}
-\label{ConsoleResource}
-\index[general]{Console Resource}
-\index[general]{Resource!Console}
-
-As of Bacula version 1.33 and higher, there are three different kinds of
-consoles, which the administrator or user can use to interact with the
-Director. These three kinds of consoles comprise three different security
-levels.
-
-\begin{itemize}
-\item The first console type is an {\bf anonymous} or {\bf default} console,
- which has full privileges. There is no console resource necessary for this
- type since the password is specified in the Director resource. This is the
- kind of console that was initially implemented in versions prior to 1.33 and
- remains valid. Typically you would use it only for administrators.
-
-\item The second type of console, and new to version 1.33 and higher is a
- "named" or "restricted" console defined within a Console resource in
- both the Director's configuration file and in the Console's
- configuration file. Both the names and the passwords in these two
- entries must match much as is the case for Client programs.
-
- This second type of console begins with absolutely no privileges except
- those explicitly specified in the Director's Console resource. Note,
- the definition of what these restricted consoles can do is determined
- by the Director's conf file.
-
- Thus you may define within the Director's conf file multiple Consoles
- with different names and passwords, sort of like multiple users, each
- with different privileges. As a default, these consoles can do
- absolutely nothing -- no commands what so ever. You give them
- privileges or rather access to commands and resources by specifying
- access control lists in the Director's Console resource. This gives the
- administrator fine grained control over what particular consoles (or
- users) can do.
-
-\item The third type of console is similar to the above mentioned
- restricted console in that it requires a Console resource definition in
- both the Director and the Console. In addition, if the console name,
- provided on the {\bf Name =} directive, is the same as a Client name,
- the user of that console is permitted to use the {\bf SetIP} command to
- change the Address directive in the Director's client resource to the IP
- address of the Console. This permits portables or other machines using
- DHCP (non-fixed IP addresses) to "notify" the Director of their current
- IP address.
-
-\end{itemize}
-
-The Console resource is optional and need not be specified. However, if it is
-specified, you can use ACLs (Access Control Lists) in the Director's
-configuration file to restrict the particular console (or user) to see only
-information pertaining to his jobs or client machine.
-
-You may specify as many Console resources in the console's conf file. If
-you do so, generally the first Console resource will be used. However, if
-you have multiple Director resources (i.e. you want to connect to different
-directors), you can bind one of your Console resources to a particular
-Director resource, and thus when you choose a particular Director, the
-appropriate Console configuration resource will be used. See the "Director"
-directive in the Console resource described below for more information.
-
-Note, the Console resource is optional, but can be useful for
-restricted consoles as noted above.
-
-\begin{description}
-\item [Console]
- \index[console]{Console}
- Start of the Console resource.
-
-\item [Name = \lt{}name\gt{}]
- \index[console]{Name}
- The Console name used to allow a restricted console to change
- its IP address using the SetIP command. The SetIP command must
- also be defined in the Director's conf CommandACL list.
-
-
-\item [Password = \lt{}password\gt{}]
- \index[console]{Password}
- If this password is supplied, then the password specified in the
- Director resource of you Console conf will be ignored. See below
- for more details.
-
-\item [Director = \lt{}director-resource-name\gt{}]
- If this directive is specified, this Console resource will be
- used by bconsole when that particular director is selected
- when first starting bconsole. I.e. it binds a particular console
- resource with its name and password to a particular director.
-
-\item [Heartbeat Interval = \lt{}time-interval\gt{}]
- \index[console]{Heartbeat Interval}
- \index[console]{Directive!Heartbeat}
- This directive is optional and if specified will cause the Console to
- set a keepalive interval (heartbeat) in seconds on each of the sockets
- to communicate with the Director. It is implemented only on systems
- (Linux, ...) that provide the {\bf setsockopt} TCP\_KEEPIDLE function.
- The default value is zero, which means no change is made to the socket.
-
-\end{description}
-
-
-The following configuration files were supplied by Phil Stracchino. For
-example, if we define the following in the user's bconsole.conf file (or
-perhaps the bwx-console.conf file):
-
-\footnotesize
-\begin{verbatim}
-Director {
- Name = MyDirector
- DIRport = 9101
- Address = myserver
- Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
-}
-
-
-Console {
- Name = restricted-user
- Password = "UntrustedUser"
-}
-\end{verbatim}
-\normalsize
-
-Where the Password in the Director section is deliberately incorrect, and the
-Console resource is given a name, in this case {\bf restricted-user}. Then
-in the Director's bacula-dir.conf file (not directly accessible by the user),
-we define:
-
-\footnotesize
-\begin{verbatim}
-Console {
- Name = restricted-user
- Password = "UntrustedUser"
- JobACL = "Restricted Client Save"
- ClientACL = restricted-client
- StorageACL = main-storage
- ScheduleACL = *all*
- PoolACL = *all*
- FileSetACL = "Restricted Client's FileSet"
- CatalogACL = DefaultCatalog
- CommandACL = run
-}
-\end{verbatim}
-\normalsize
-
-the user logging into the Director from his Console will get logged in as {\bf
-restricted-user}, and he will only be able to see or access a Job with the
-name {\bf Restricted Client Save} a Client with the name {\bf
-restricted-client}, a Storage device {\bf main-storage}, any Schedule or Pool,
-a FileSet named {\bf Restricted Client's FileSet}, a Catalog named {\bf
-DefaultCatalog}, and the only command he can use in the Console is the {\bf
-run} command. In other words, this user is rather limited in what he can see
-and do with Bacula.
-
-The following is an example of a bconsole conf file that can access
-several Directors and has different Consoles depending on the director:
-
-\footnotesize
-\begin{verbatim}
-Director {
- Name = MyDirector
- DIRport = 9101
- Address = myserver
- Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
-}
-
-Director {
- Name = SecondDirector
- DIRport = 9101
- Address = secondserver
- Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
-}
-
-Console {
- Name = restricted-user
- Password = "UntrustedUser"
- Director = MyDirector
-}
-
-Console {
- Name = restricted-user
- Password = "A different UntrustedUser"
- Director = SecondDirector
-}
-\end{verbatim}
-\normalsize
-
-The second Director referenced at "secondserver" might look
-like the following:
-
-\footnotesize
-\begin{verbatim}
-Console {
- Name = restricted-user
- Password = "A different UntrustedUser"
- JobACL = "Restricted Client Save"
- ClientACL = restricted-client
- StorageACL = second-storage
- ScheduleACL = *all*
- PoolACL = *all*
- FileSetACL = "Restricted Client's FileSet"
- CatalogACL = RestrictedCatalog
- CommandACL = run, restore
- WhereACL = "/"
-}
-\end{verbatim}
-\normalsize
-
-
-
-\section{Console Commands}
-\index[general]{Console Commands}
-\index[general]{Commands!Console}
-
-For more details on running the console and its commands, please see the
-\ilink{Bacula Console}{_ConsoleChapter} chapter of this manual.
-
-\section{Sample Console Configuration File}
-\label{SampleConfiguration2}
-\index[general]{File!Sample Console Configuration}
-\index[general]{Sample Console Configuration File}
-
-An example Console configuration file might be the following:
-
-\footnotesize
-\begin{verbatim}
-#
-# Bacula Console Configuration File
-#
-Director {
- Name = HeadMan
- address = "my_machine.my_domain.com"
- Password = Console_password
-}
-\end{verbatim}
-\normalsize
projects / bacula / docs / blobdiff