How To:Limit the Hosts That Can Recover a DLE

From wiki.zmanda.com
Revision as of 01:42, 29 September 2010 by Dustin (talk | contribs) (new page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Before Amanda-3.2, Amanda would happily allow any host that could get past the security API to recover dumps from any host. This makes a lot of sense within a single organization: if www1 goes down, you can quickly recover its /var/www on spareserver, the host you started up to take its place. However, it is not a good solution for situations where different backup clients should not be able to access one another's data.

In version 3.2, Amanda can fix this.

Configuration

First, set a default recovery limit for all hosts using the global recovery-limit parameter in amanda.conf. Often this will be something like 

recovery-limit same-host "backupserver.mycompany.com"

which says that, by default, client hosts can recover their own dumps, and that the host "backupserver" can recover all dumps.

For more complex circumstances, you can also add a recovery-limit parameter to particular dumptypes or DLEs. However, do not omit the global configuration, which limits access to dumps that are not in the disklist anymore. For example, to allow a restore from spareserver on a few DLEs, add a new parameter to each DLE like this: 

www1 /var/www {
    www-tar
    recovery-limit "spareserver"
}
Retrieved from ‘http://wiki.zmanda.com/index.php?title=How_To:Limit_the_Hosts_That_Can_Recover_a_DLE&oldid=7733