How To:Limit the Hosts That Can Recover a DLE

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)

Jump to: navigation, search

This article is a part of the How Tos collection.

Before Amanda-3.2, Amanda would happily allow any host that could get past the security API to recover dumps from any host. This makes a lot of sense within a single organization: if www1 goes down, you can quickly recover its /var/www on spareserver, the host you started up to take its place. However, it is not a good solution for situations where different backup clients should not be able to access one another's data.

In version 3.2, Amanda can fix this.

Configuration

First, set a default recovery limit for all hosts using the global recovery-limit parameter in amanda.conf. Often this will be something like

recovery-limit same-host "backupserver.mycompany.com"

which says that, by default, client hosts can recover their own dumps, and that the host "backupserver" can recover all dumps.

For more complex circumstances, you can also add a recovery-limit parameter to particular dumptypes or DLEs. However, do not omit the global configuration, which limits access to dumps that are not in the disklist anymore. For example, to allow a restore from spareserver on a few DLEs, add a new parameter to each DLE like this:

www1 /var/www {
    www-tar
    recovery-limit "spareserver"
}

Other languages: English  • Fran├žais


Personal tools