From 18c44a9414f4c67587dfbad1ec0d6b4d6fa91e13 Mon Sep 17 00:00:00 2001 From: Thomas Glatthor Date: Tue, 6 Nov 2007 18:01:38 +0000 Subject: [PATCH] work in progress --- docs/manual-de/consoleconf.tex | 254 ++++++++++++++++++++++----------- 1 file changed, 174 insertions(+), 80 deletions(-) diff --git a/docs/manual-de/consoleconf.tex b/docs/manual-de/consoleconf.tex index 22f4864d..8ed37a4c 100644 --- a/docs/manual-de/consoleconf.tex +++ b/docs/manual-de/consoleconf.tex 
@@ -1,40 +1,27 @@ %% %% -\section*{Console Configuration} -\label{_ChapterStart36} -\index[general]{Configuration!Console} -\index[general]{Console Configuration} -\addcontentsline{toc}{section}{Console Configuration} +\chapter{Console Konfiguration} +\label{ConsoleConfChapter} +\index[general]{Konfiguration!Console} +\index[general]{Console Konfiguration} -\subsection*{General} -\index[general]{General} -\addcontentsline{toc}{subsection}{General} +\section{Allgemein} -The Console configuration file is the simplest of all the configuration files, -and in general, you should not need to change it except for the password. It -simply contains the information necessary to contact the Director or -Directors. +Die Console-Konfigurations-Datei ist die einfachste Konfigurations-Datei von allen. +Normalerweise m\"{u}{\ss}en Sie in dieser Datei nicht au{\ss}er dem Passwort \"{a}ndern. +Diese Datei enth\"{a}lt alle Informationen die n\"{o}tig sind, damit sich das Console-Programm +zu dem Director-Dienst verbinden kann und darf. -For a general discussion of configuration file and resources including the -data types recognized by {\bf Bacula}, please see the -\ilink{Configuration}{_ChapterStart16} chapter of this manual. +F\"{u}r eine allgemeine \"{U}bersicht der Syntax der Konfigurations-Dateien, sowie der verschiedenen Eintr\"{a}ge, +einschlie{\ss}lich der Datentypen, sehen Sie sich bitte das Kapitel \ilink{Konfiguration}{ConfigureChapter} an. -The following Console Resource definition must be defined: +Die folgenden Console-Konfigurations-Parameter m\"{u}ssen definiert werden: -\begin{itemize} -\item - \ilink{Director}{DirectorResource3} -- to define the - Director's name and his access password. Note, you may define more than one -Director resource in the Console configuration file. If you do so, the -Console program will ask you which one you want to use. 
-\end{itemize} - -\subsection*{The Director Resource} +\section{Der Director-Eintrag} \label{DirectorResource3} -\index[general]{Director Resource} -\index[general]{Resource!Director} -\addcontentsline{toc}{subsection}{Director Resource} +\index[general]{Director Eintrag} +\index[general]{Eintrag!Director} The Director resource defines the attributes of the Director running on the network. You may have multiple Director resource specifications in a single 
@@ -42,38 +29,36 @@ Console configuration file. If you have more than one, you will be prompted to choose one when you start the {\bf Console} program. \begin{description} - \item [Director] \index[console]{Director} - Start of the Director records. + Start of the Director directives. \item [Name = \lt{}name\gt{}] \index[console]{Name} The director name used to select among different Directors, otherwise, this -name is not used. + name is not used. \item [DIRPort = \lt{}port-number\gt{}] \index[dir]{DIRPort} Specify the port to use to connect to the Director. This value will most -likely already be set to the value you specified on the {\bf -\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be -identical to the {\bf DIRport} specified in the {\bf Director} resource of -the -\ilink{Director's configuration}{_ChapterStart40} file. The -default is 9101 so this record is not normally specified. + likely already be set to the value you specified on the {\bf + \verb:--:with-base-port} option of the {\bf ./configure} command. This port must be + identical to the {\bf DIRport} specified in the {\bf Director} resource of + the \ilink{Director's configuration}{DirectorChapter} file. The + default is 9101 so this directive is not normally specified. \item [Address = \lt{}address\gt{}] \index[dir]{Address} Where the address is a host name, a fully qualified domain name, or a network -address used to connect to the Director. + address used to connect to the Director. \item [Password = \lt{}password\gt{}] \index[dir]{Password} Where the password is the password needed for the Director to accept the -Console connection. This password must be identical to the {\bf Password} -specified in the {\bf Director} resource of the -\ilink{Director's configuration}{_ChapterStart40} file. This -record is required. + Console connection. 
This password must be identical to the {\bf Password} + specified in the {\bf Director} resource of the + \ilink{Director's configuration}{DirectorChapter} file. This + directive is required. \end{description} An actual example might be: @@ -88,10 +73,9 @@ Director { \end{verbatim} \normalsize -\subsection*{The ConsoleFont Resource} +\section{The ConsoleFont Resource} \index[general]{Resource!ConsoleFont} \index[general]{ConsoleFont Resource} -\addcontentsline{toc}{subsection}{ConsoleFont Resource} The ConsoleFont resource is available only in the GNOME version of the console. It permits you to define the font that you want used to display in @@ -101,7 +85,7 @@ the main listing window. \item [ConsoleFont] \index[console]{ConsoleFont} - Start of the ConsoleFont records. + Start of the ConsoleFont directives. \item [Name = \lt{}name\gt{}] \index[console]{Name} @@ -110,7 +94,7 @@ the main listing window. \item [Font = \lt{}Pango Font Name\gt{}] \index[console]{Font} The string value given here defines the desired font. It is specified in the -Pango format. For example, the default specification is: + Pango format. For example, the default specification is: \footnotesize \begin{verbatim} @@ -128,16 +112,15 @@ An different example might be: \begin{verbatim} ConsoleFont { Name = Default -Font = "Monospace 10" + Font = "Monospace 10" } \end{verbatim} \normalsize -\subsection*{The Console Resource} +\section{The Console Resource} \label{ConsoleResource} \index[general]{Console Resource} \index[general]{Resource!Console} -\addcontentsline{toc}{subsection}{Console Resource} As of Bacula version 1.33 and higher, there are three different kinds of consoles, which the administrator or user can use to interact with the 
@@ -148,30 +131,39 @@ levels. \item The first console type is an {\bf anonymous} or {\bf default} console, which has full privileges. There is no console resource necessary for this type since the password is specified in the Director resource. This is the -kind of console that was initially implemented in versions prior to 1.33 and -remains valid. Typically you would use it only for administrators. -\item The second type of console, and new to version 1.33 and higher is a - "named" console defined within a Console resource in both the Director's - configuration file and in the Console's configuration file. Both the names -and the passwords in these two entries must match much as is the case for -Client programs. - -This second type of console begins with absolutely no privileges except those -explicitly specified in the Director's Console resource. Thus you can have -multiple Consoles with different names and passwords, sort of like multiple -users, each with different privileges. As a default, these consoles can do -absolutely nothing -- no commands what so ever. You give them privileges or -rather access to commands and resources by specifying access control lists in -the Director's Console resource. Note, if you are specifying such a console, -you will want to put a null password in the Director resource. -\item The third type of console is similar to the above mentioned one in that - it requires a Console resource definition in both the Director and the - Console. In addition, if the console name, provided on the {\bf Name =} -directive, is the same as a Client name, the user of that console is -permitted to use the {\bf SetIP} command to change the Address directive in -the Director's client resource to the IP address of the Console. This permits -portables or other machines using DHCP (non-fixed IP addresses) to -"notify" the Director of their current IP address. + kind of console that was initially implemented in versions prior to 1.33 and + remains valid. 
Typically you would use it only for administrators. + +\item The second type of console, and new to version 1.33 and higher is a + "named" or "restricted" console defined within a Console resource in + both the Director's configuration file and in the Console's + configuration file. Both the names and the passwords in these two + entries must match much as is the case for Client programs. + + This second type of console begins with absolutely no privileges except + those explicitly specified in the Director's Console resource. Note, + the definition of what these restricted consoles can do is determined + by the Director's conf file. + + Thus you may define within the Director's conf file multiple Consoles + with different names and passwords, sort of like multiple users, each + with different privileges. As a default, these consoles can do + absolutely nothing -- no commands what so ever. You give them + privileges or rather access to commands and resources by specifying + access control lists in the Director's Console resource. This gives the + administrator fine grained control over what particular consoles (or + users) can do. + +\item The third type of console is similar to the above mentioned + restricted console in that it requires a Console resource definition in + both the Director and the Console. In addition, if the console name, + provided on the {\bf Name =} directive, is the same as a Client name, + the user of that console is permitted to use the {\bf SetIP} command to + change the Address directive in the Director's client resource to the IP + address of the Console. This permits portables or other machines using + DHCP (non-fixed IP addresses) to "notify" the Director of their current + IP address. + \end{itemize} The Console resource is optional and need not be specified. However, if it is 
@@ -179,20 +171,68 @@ specified, you can use ACLs (Access Control Lists) in the Director's configuration file to restrict the particular console (or user) to see only information pertaining to his jobs or client machine. +You may specify as many Console resources in the console's conf file. If +you do so, generally the first Console resource will be used. However, if +you have multiple Director resources (i.e. you want to connect to different +directors), you can bind one of your Console resources to a particular +Director resource, and thus when you choose a particular Director, the +appropriate Console configuration resource will be used. See the "Director" +directive in the Console resource described below for more information. + +Note, the Console resource is optional, but can be useful for +restricted consoles as noted above. + +\begin{description} +\item [Console] + \index[console]{Console} + Start of the Console resource. + +\item [Name = \lt{}name\gt{}] + \index[console]{Name} + The Console name used to allow a restricted console to change + its IP address using the SetIP command. The SetIP command must + also be defined in the Director's conf CommandACL list. + + +\item [Password = \lt{}password\gt{}] + \index[console]{Password} + If this password is supplied, then the password specified in the + Director resource of you Console conf will be ignored. See below + for more details. + +\item [Director = \lt{}director-resource-name\gt{}] + If this directive is specified, this Console resource will be + used by bconsole when that particular director is selected + when first starting bconsole. I.e. it binds a particular console + resource with its name and password to a particular director. 
+ +\item [Heartbeat Interval = \lt{}time-interval\gt{}] + \index[console]{Heartbeat Interval} + \index[console]{Directive!Heartbeat} + This directive is optional and if specified will cause the Console to + set a keepalive interval (heartbeat) in seconds on each of the sockets + to communicate with the Director. It is implemented only on systems + (Linux, ...) that provide the {\bf setsockopt} TCP\_KEEPIDLE function. + The default value is zero, which means no change is made to the socket. + +\end{description} + + The following configuration files were supplied by Phil Stracchino. For example, if we define the following in the user's bconsole.conf file (or -perhaps the wx-console.conf file): +perhaps the bwx-console.conf file): \footnotesize \begin{verbatim} - Director { +Director { Name = MyDirector DIRport = 9101 Address = myserver Password = "XXXXXXXXXXX" # no, really. this is not obfuscation. } + - Console { +Console { Name = restricted-user Password = "UntrustedUser" } 
@@ -230,19 +270,73 @@ DefaultCatalog}, and the only command he can use in the Console is the {\bf run} command. In other words, this user is rather limited in what he can see and do with Bacula. -\subsection*{Console Commands} +The following is an example of a bconsole conf file that can access +several Directors and has different Consoles depending on the director: + +\footnotesize +\begin{verbatim} +Director { + Name = MyDirector + DIRport = 9101 + Address = myserver + Password = "XXXXXXXXXXX" # no, really. this is not obfuscation. +} + +Director { + Name = SecondDirector + DIRport = 9101 + Address = secondserver + Password = "XXXXXXXXXXX" # no, really. this is not obfuscation. +} + +Console { + Name = restricted-user + Password = "UntrustedUser" + Director = MyDirector +} + +Console { + Name = restricted-user + Password = "A different UntrustedUser" + Director = SecondDirector +} +\end{verbatim} +\normalsize + +The second Director referenced at "secondserver" might look +like the following: + +\footnotesize +\begin{verbatim} +Console { + Name = restricted-user + Password = "A different UntrustedUser" + JobACL = "Restricted Client Save" + ClientACL = restricted-client + StorageACL = second-storage + ScheduleACL = *all* + PoolACL = *all* + FileSetACL = "Restricted Client's FileSet" + CatalogACL = RestrictedCatalog + CommandACL = run, restore + WhereACL = "/" +} +\end{verbatim} +\normalsize + + + +\section{Console Commands} \index[general]{Console Commands} \index[general]{Commands!Console} -\addcontentsline{toc}{subsection}{Console Commands} For more details on running the console and its commands, please see the \ilink{Bacula Console}{_ConsoleChapter} chapter of this manual. 
-\subsection*{Sample Console Configuration File} +\section{Sample Console Configuration File} \label{SampleConfiguration2} \index[general]{File!Sample Console Configuration} \index[general]{Sample Console Configuration File} -\addcontentsline{toc}{subsection}{Sample Console Configuration File} An example Console configuration file might be the following: -- 2.39.5
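Review bot: In the hunk at @@ -1,40 +1,27 @@, the added sentence "Die folgenden Console-Konfigurations-Parameter m\"{u}ssen definiert werden:" ends in a colon, but the itemize block it introduced is removed, so it now runs straight into \section{Der Director-Eintrag}. Either keep a translated list containing the \ilink{Director}{DirectorResource3} item or reword the sentence so it points at the following section. In the same hunk, "m\"{u}{\ss}en Sie in dieser Datei nicht au{\ss}er dem Passwort \"{a}ndern" should read "m\"{u}ssen Sie in dieser Datei nichts au{\ss}er dem Passwort \"{a}ndern".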
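Review bot: The \ilink targets in the hunk at @@ -42,38 +29,36 @@ change from _ChapterStart40 to DirectorChapter (twice), and the first hunk changes _ChapterStart16 to ConfigureChapter, yet the diffstat lists only consoleconf.tex. Please confirm that \label definitions with these names exist in the German manual, or add them to this series, otherwise the links will not resolve. The unchanged reference \ilink{Bacula Console}{_ConsoleChapter} near the end of the file still uses the old naming style and should be checked at the same time.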
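Review bot: In the hunk at @@ -148,30 +131,39 @@, the rewritten second item drops the sentence "Note, if you are specifying such a console, you will want to put a null password in the Director resource" and puts nothing in its place. The first item in the same list still says the password in the Director resource is the one that gives the anonymous console full privileges, so a reader setting up a restricted console needs to be told here what to do with that password. Suggest keeping the note, or replacing it with a pointer to the Password directive of the Console resource that the next hunk adds. Minor wording in the added lines: "what so ever" should be "whatsoever" and "fine grained" should be "fine-grained".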
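Review bot: In the hunk at @@ -179,20 +171,68 @@, the new Password entry ends with "See below for more details", but the added lines below it only give examples and never explain how the Console password and the Director password interact. The example that follows still carries Password = "XXXXXXXXXXX" in the Director resource of the restricted user's file; since the entry says that value is ignored once a Console password is supplied, state explicitly that it is a placeholder there and need not be the Director's real password. Also in this hunk: "of you Console conf" should be "of your Console conf"; "You may specify as many Console resources in the console's conf file" is missing its comparison ("as many ... as you like"); the Name entry describes only the SetIP case and omits that the name must match the Console resource in the Director's configuration; the Director entry has no \index line, unlike its siblings; and TCP\_KEEPIDLE is an option passed to setsockopt, not a function.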
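Review bot: In the hunk at @@ -230,19 +270,73 @@, the added Console example combines CommandACL = run, restore with WhereACL = "/", but nothing in the visible text explains what WhereACL restricts or what the value "/" permits. Because this resource is presented as the template for an untrusted user, add a sentence after the example that states the effect of WhereACL, in the same way the earlier example is followed by a description of what the user can see and do. The lead-in "The second Director referenced at "secondserver" might look like the following:" is also inaccurate, since the block is a Console resource; suggest "The Console resource in the configuration file of the second Director might look like the following:".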