Recovery Limits

From The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)

Jump to: navigation, search

As of Amanda-3.2, Amanda suports limiting the hosts that can recover a particular DLE.

Authenticated Peer Name

Amanda's ordinary authentication authenticates connections from a remote host, but the authentication is always host-based, and have very little to do with usernames. The SSH authentication mechanism relies on SSH to verify the identity of the connection initiator, and assumes that anything that can invoke amandad has been authenticated.

The security API also provides a notion of an authenticated peer name, and this is what the recovery limits are keyed from. The details are in amanda-auth(7), but for the most part the peer name is the fully-qualified hostname for the peer IP address.

Limits

The recovery-limit configuration parameter specifies a set of match expressions which are applied (by amidxtaped and amindexd) against the authenticated name. If any match, then recovery is allowed. The special keyword same-host compares the authenticated hostname to the host portion of the DLE; note that this is an exact comparison and not treated as a match.

For DLEs which have no recovery-limit specified, or for recovery of dumps which are no longer in the dumplist, Amanda falls back to the global recovery-limit parameter.

See Also

See How To:Limit the Hosts That Can Recover a DLE for instructions.


Other languages: English  • Fran├žais


Personal tools