%%
%%
-\section*{Console Configuration}
-\label{_ChapterStart36}
-\index[general]{Configuration!Console}
-\index[general]{Console Configuration}
-\addcontentsline{toc}{section}{Console Configuration}
+\chapter{Console Konfiguration}
+\label{ConsoleConfChapter}
+\index[general]{Konfiguration!Console}
+\index[general]{Console Konfiguration}
-\subsection*{General}
-\index[general]{General}
-\addcontentsline{toc}{subsection}{General}
+\section{Allgemein}
-The Console configuration file is the simplest of all the configuration files,
-and in general, you should not need to change it except for the password. It
-simply contains the information necessary to contact the Director or
-Directors.
+Die Console-Konfigurations-Datei ist die einfachste Konfigurations-Datei von allen.
+Normalerweise m\"{u}{\ss}en Sie in dieser Datei nicht au{\ss}er dem Passwort \"{a}ndern.
+Diese Datei enth\"{a}lt alle Informationen die n\"{o}tig sind, damit sich das Console-Programm
+zu dem Director-Dienst verbinden kann und darf.
-For a general discussion of configuration file and resources including the
-data types recognized by {\bf Bacula}, please see the
-\ilink{Configuration}{_ChapterStart16} chapter of this manual.
+F\"{u}r eine allgemeine \"{U}bersicht der Syntax der Konfigurations-Dateien, sowie der verschiedenen Eintr\"{a}ge,
+einschlie{\ss}lich der Datentypen, sehen Sie sich bitte das Kapitel \ilink{Konfiguration}{ConfigureChapter} an.
-The following Console Resource definition must be defined:
+Die folgenden Console-Konfigurations-Parameter m\"{u}ssen definiert werden:
-\begin{itemize}
-\item
- \ilink{Director}{DirectorResource3} -- to define the
- Director's name and his access password. Note, you may define more than one
-Director resource in the Console configuration file. If you do so, the
-Console program will ask you which one you want to use.
-\end{itemize}
-
-\subsection*{The Director Resource}
+\section{Der Director-Eintrag}
\label{DirectorResource3}
-\index[general]{Director Resource}
-\index[general]{Resource!Director}
-\addcontentsline{toc}{subsection}{Director Resource}
+\index[general]{Director Eintrag}
+\index[general]{Eintrag!Director}
The Director resource defines the attributes of the Director running on the
network. You may have multiple Director resource specifications in a single
choose one when you start the {\bf Console} program.
\begin{description}
-
\item [Director]
\index[console]{Director}
- Start of the Director records.
+ Start of the Director directives.
\item [Name = \lt{}name\gt{}]
\index[console]{Name}
The director name used to select among different Directors, otherwise, this
-name is not used.
+ name is not used.
\item [DIRPort = \lt{}port-number\gt{}]
\index[dir]{DIRPort}
Specify the port to use to connect to the Director. This value will most
-likely already be set to the value you specified on the {\bf
-\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
-identical to the {\bf DIRport} specified in the {\bf Director} resource of
-the
-\ilink{Director's configuration}{_ChapterStart40} file. The
-default is 9101 so this record is not normally specified.
+ likely already be set to the value you specified on the {\bf
+ \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
+ identical to the {\bf DIRport} specified in the {\bf Director} resource of
+ the \ilink{Director's configuration}{DirectorChapter} file. The
+ default is 9101 so this directive is not normally specified.
\item [Address = \lt{}address\gt{}]
\index[dir]{Address}
Where the address is a host name, a fully qualified domain name, or a network
-address used to connect to the Director.
+ address used to connect to the Director.
\item [Password = \lt{}password\gt{}]
\index[dir]{Password}
Where the password is the password needed for the Director to accept the
-Console connection. This password must be identical to the {\bf Password}
-specified in the {\bf Director} resource of the
-\ilink{Director's configuration}{_ChapterStart40} file. This
-record is required.
+ Console connection. This password must be identical to the {\bf Password}
+ specified in the {\bf Director} resource of the
+ \ilink{Director's configuration}{DirectorChapter} file. This
+ directive is required.
\end{description}
An actual example might be:
\end{verbatim}
\normalsize
-\subsection*{The ConsoleFont Resource}
+\section{The ConsoleFont Resource}
\index[general]{Resource!ConsoleFont}
\index[general]{ConsoleFont Resource}
-\addcontentsline{toc}{subsection}{ConsoleFont Resource}
The ConsoleFont resource is available only in the GNOME version of the
console. It permits you to define the font that you want used to display in
\item [ConsoleFont]
\index[console]{ConsoleFont}
- Start of the ConsoleFont records.
+ Start of the ConsoleFont directives.
\item [Name = \lt{}name\gt{}]
\index[console]{Name}
\item [Font = \lt{}Pango Font Name\gt{}]
\index[console]{Font}
The string value given here defines the desired font. It is specified in the
-Pango format. For example, the default specification is:
+ Pango format. For example, the default specification is:
\footnotesize
\begin{verbatim}
\begin{verbatim}
ConsoleFont {
Name = Default
-Font = "Monospace 10"
+ Font = "Monospace 10"
}
\end{verbatim}
\normalsize
-\subsection*{The Console Resource}
+\section{The Console Resource}
\label{ConsoleResource}
\index[general]{Console Resource}
\index[general]{Resource!Console}
-\addcontentsline{toc}{subsection}{Console Resource}
As of Bacula version 1.33 and higher, there are three different kinds of
consoles, which the administrator or user can use to interact with the
\item The first console type is an {\bf anonymous} or {\bf default} console,
which has full privileges. There is no console resource necessary for this
type since the password is specified in the Director resource. This is the
-kind of console that was initially implemented in versions prior to 1.33 and
-remains valid. Typically you would use it only for administrators.
-\item The second type of console, and new to version 1.33 and higher is a
- "named" console defined within a Console resource in both the Director's
- configuration file and in the Console's configuration file. Both the names
-and the passwords in these two entries must match much as is the case for
-Client programs.
-
-This second type of console begins with absolutely no privileges except those
-explicitly specified in the Director's Console resource. Thus you can have
-multiple Consoles with different names and passwords, sort of like multiple
-users, each with different privileges. As a default, these consoles can do
-absolutely nothing -- no commands what so ever. You give them privileges or
-rather access to commands and resources by specifying access control lists in
-the Director's Console resource. Note, if you are specifying such a console,
-you will want to put a null password in the Director resource.
-\item The third type of console is similar to the above mentioned one in that
- it requires a Console resource definition in both the Director and the
- Console. In addition, if the console name, provided on the {\bf Name =}
-directive, is the same as a Client name, the user of that console is
-permitted to use the {\bf SetIP} command to change the Address directive in
-the Director's client resource to the IP address of the Console. This permits
-portables or other machines using DHCP (non-fixed IP addresses) to
-"notify" the Director of their current IP address.
+ kind of console that was initially implemented in versions prior to 1.33 and
+ remains valid. Typically you would use it only for administrators.
+
+\item The second type of console, and new to version 1.33 and higher is a
+ "named" or "restricted" console defined within a Console resource in
+ both the Director's configuration file and in the Console's
+ configuration file. Both the names and the passwords in these two
+ entries must match much as is the case for Client programs.
+
+ This second type of console begins with absolutely no privileges except
+ those explicitly specified in the Director's Console resource. Note,
+ the definition of what these restricted consoles can do is determined
+ by the Director's conf file.
+
+ Thus you may define within the Director's conf file multiple Consoles
+ with different names and passwords, sort of like multiple users, each
+ with different privileges. As a default, these consoles can do
+ absolutely nothing -- no commands what so ever. You give them
+ privileges or rather access to commands and resources by specifying
+ access control lists in the Director's Console resource. This gives the
+ administrator fine grained control over what particular consoles (or
+ users) can do.
+
+\item The third type of console is similar to the above mentioned
+ restricted console in that it requires a Console resource definition in
+ both the Director and the Console. In addition, if the console name,
+ provided on the {\bf Name =} directive, is the same as a Client name,
+ the user of that console is permitted to use the {\bf SetIP} command to
+ change the Address directive in the Director's client resource to the IP
+ address of the Console. This permits portables or other machines using
+ DHCP (non-fixed IP addresses) to "notify" the Director of their current
+ IP address.
+
\end{itemize}
The Console resource is optional and need not be specified. However, if it is
configuration file to restrict the particular console (or user) to see only
information pertaining to his jobs or client machine.
+You may specify as many Console resources in the console's conf file. If
+you do so, generally the first Console resource will be used. However, if
+you have multiple Director resources (i.e. you want to connect to different
+directors), you can bind one of your Console resources to a particular
+Director resource, and thus when you choose a particular Director, the
+appropriate Console configuration resource will be used. See the "Director"
+directive in the Console resource described below for more information.
+
+Note, the Console resource is optional, but can be useful for
+restricted consoles as noted above.
+
+\begin{description}
+\item [Console]
+ \index[console]{Console}
+ Start of the Console resource.
+
+\item [Name = \lt{}name\gt{}]
+ \index[console]{Name}
+ The Console name used to allow a restricted console to change
+ its IP address using the SetIP command. The SetIP command must
+ also be defined in the Director's conf CommandACL list.
+
+
+\item [Password = \lt{}password\gt{}]
+ \index[console]{Password}
+ If this password is supplied, then the password specified in the
+ Director resource of you Console conf will be ignored. See below
+ for more details.
+
+\item [Director = \lt{}director-resource-name\gt{}]
+ If this directive is specified, this Console resource will be
+ used by bconsole when that particular director is selected
+ when first starting bconsole. I.e. it binds a particular console
+ resource with its name and password to a particular director.
+
+\item [Heartbeat Interval = \lt{}time-interval\gt{}]
+ \index[console]{Heartbeat Interval}
+ \index[console]{Directive!Heartbeat}
+ This directive is optional and if specified will cause the Console to
+ set a keepalive interval (heartbeat) in seconds on each of the sockets
+ to communicate with the Director. It is implemented only on systems
+ (Linux, ...) that provide the {\bf setsockopt} TCP\_KEEPIDLE function.
+ The default value is zero, which means no change is made to the socket.
+
+\end{description}
+
+
The following configuration files were supplied by Phil Stracchino. For
example, if we define the following in the user's bconsole.conf file (or
-perhaps the wx-console.conf file):
+perhaps the bwx-console.conf file):
\footnotesize
\begin{verbatim}
- Director {
+Director {
Name = MyDirector
DIRport = 9101
Address = myserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
+
- Console {
+Console {
Name = restricted-user
Password = "UntrustedUser"
}
run} command. In other words, this user is rather limited in what he can see
and do with Bacula.
-\subsection*{Console Commands}
+The following is an example of a bconsole conf file that can access
+several Directors and has different Consoles depending on the director:
+
+\footnotesize
+\begin{verbatim}
+Director {
+ Name = MyDirector
+ DIRport = 9101
+ Address = myserver
+ Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
+}
+
+Director {
+ Name = SecondDirector
+ DIRport = 9101
+ Address = secondserver
+ Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
+}
+
+Console {
+ Name = restricted-user
+ Password = "UntrustedUser"
+ Director = MyDirector
+}
+
+Console {
+ Name = restricted-user
+ Password = "A different UntrustedUser"
+ Director = SecondDirector
+}
+\end{verbatim}
+\normalsize
+
+The second Director referenced at "secondserver" might look
+like the following:
+
+\footnotesize
+\begin{verbatim}
+Console {
+ Name = restricted-user
+ Password = "A different UntrustedUser"
+ JobACL = "Restricted Client Save"
+ ClientACL = restricted-client
+ StorageACL = second-storage
+ ScheduleACL = *all*
+ PoolACL = *all*
+ FileSetACL = "Restricted Client's FileSet"
+ CatalogACL = RestrictedCatalog
+ CommandACL = run, restore
+ WhereACL = "/"
+}
+\end{verbatim}
+\normalsize
+
+
+
+\section{Console Commands}
\index[general]{Console Commands}
\index[general]{Commands!Console}
-\addcontentsline{toc}{subsection}{Console Commands}
For more details on running the console and its commands, please see the
\ilink{Bacula Console}{_ConsoleChapter} chapter of this manual.
-\subsection*{Sample Console Configuration File}
+\section{Sample Console Configuration File}
\label{SampleConfiguration2}
\index[general]{File!Sample Console Configuration}
\index[general]{Sample Console Configuration File}
-\addcontentsline{toc}{subsection}{Sample Console Configuration File}
An example Console configuration file might be the following:
projects / bacula / docs / commitdiff