• file
• revisions
• annotate
• diff
• comparison
• raw

bacula/bacula.patch@0ba300bdf30a (annotated)

bacula/bacula.patch

Mon, 20 Apr 2009 19:22:00 +0200

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Mon, 20 Apr 2009 19:22:00 +0200

changeset 178

0ba300bdf30a

parent 21

5ba5c2911c12

child 213

117704011216

permissions

-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

michael@20	1	Index: manpages/Makefile.in
michael@21	2	diff -Nau manpages/Makefile.in.orig manpages/Makefile.in
michael@21	3	--- manpages/Makefile.in.orig 2007-04-24 17:47:01.000000000 +0200
michael@21	4	+++ manpages/Makefile.in 2008-11-19 22:55:01.066689027 +0100
michael@20	5	@@ -20,23 +20,21 @@
michael@20	6	install:
michael@20	7	$(MKDIR) $(DESTDIR)/$(mandir)/man8
michael@20	8	for I in ${MAN8}; \
michael@20	9	- do ($(RMF) $$I.gz; gzip -c $$I >$$I.gz; \
michael@20	10	- $(INSTALL_DATA) $$I.gz $(DESTDIR)$(mandir)/man8/$$I.gz; \
michael@20	11	- rm -f $$I.gz); \
michael@20	12	+ do \
michael@20	13	+ $(INSTALL_DATA) $$I $(DESTDIR)$(mandir)/man8/$$I; \
michael@20	14	done
michael@20	15	$(MKDIR) $(DESTDIR)/$(mandir)/man1
michael@20	16	for I in ${MAN1}; \
michael@20	17	- do ($(RMF) $$I.gz; gzip -c $$I >$$I.gz; \
michael@20	18	- $(INSTALL_DATA) $$I.gz $(DESTDIR)$(mandir)/man1/$$I.gz; \
michael@20	19	- rm -f $$I.gz); \
michael@20	20	+ do \
michael@20	21	+ $(INSTALL_DATA) $$I $(DESTDIR)$(mandir)/man1/$$I; \
michael@20	22	done
michael@20	23
michael@20	24	uninstall:
michael@20	25	for I in ${MAN8}; \
michael@20	26	- do (rm -f $(DESTDIR)$(mandir)/man8/$$I.gz); \
michael@20	27	+ do (rm -f $(DESTDIR)$(mandir)/man8/$$I); \
michael@20	28	done
michael@20	29	for I in ${MAN1}; \
michael@20	30	- do (rm -f $(DESTDIR)$(mandir)/man1/$$I.gz); \
michael@20	31	+ do (rm -f $(DESTDIR)$(mandir)/man1/$$I); \
michael@20	32	done
michael@20	33
michael@20	34	clean: dummy
michael@20	35	Index: scripts/bacula.in
michael@21	36	diff -Nau scripts/bacula.in.orig scripts/bacula.in
michael@21	37	--- scripts/bacula.in.orig 2008-07-06 15:06:15.000000000 +0200
michael@21	38	+++ scripts/bacula.in 2008-11-19 23:08:15.438347068 +0100
michael@21	39	@@ -13,32 +13,38 @@
michael@21	40	# easier to "steal" this code for the development
michael@21	41	# environment where they are different.
michael@20	42	#
michael@21	43	-SCRIPTDIR=@scriptdir@
michael@21	44	+SCRIPTDIR=@libexecdir@
michael@20	45
michael@21	46	-case "$1" in
michael@20	47	+action=$1
michael@20	48	+debug=$2
michael@20	49	+[ -n "$3" ] && enable_dir=$3 || enable_dir=yes
michael@20	50	+[ -n "$4" ] && enable_sd=$4 || enable_sd=yes
michael@20	51	+[ -n "$5" ] && enable_fd=$5 || enable_fd=yes
michael@21	52	+
michael@21	53	+case "$action" in
michael@20	54	start)
michael@20	55	- [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
michael@20	56	- [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
michael@20	57	- [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
michael@21	58	+ [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
michael@21	59	+ [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
michael@20	60	+ [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
michael@20	61	;;
michael@20	62
michael@20	63	stop)
michael@20	64	# Stop the FD first so that SD will fail jobs and update catalog
michael@20	65	- [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
michael@20	66	- [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
michael@20	67	- [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
michael@21	68	+ [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
michael@21	69	+ [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
michael@20	70	+ [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
michael@20	71	;;
michael@20	72
michael@20	73	restart)
michael@20	74	- $0 stop
michael@20	75	+ $0 stop $debug $enable_dir $enable_sd $enable_fd
michael@20	76	sleep 2
michael@20	77	- $0 start
michael@20	78	+ $0 start $debug $enable_dir $enable_sd $enable_fd
michael@20	79	;;
michael@20	80
michael@20	81	status)
michael@20	82	- [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd status
michael@20	83	- [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd status
michael@20	84	- [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir status
michael@21	85	+ [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd status
michael@21	86	+ [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd status
michael@20	87	+ [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir status
michael@20	88	;;
michael@20	89
michael@20	90	*)
michael@20	91	Index: scripts/btraceback.in
michael@21	92	diff -Nau scripts/btraceback.in.orig scripts/btraceback.in
michael@21	93	--- scripts/btraceback.in.orig 2008-06-01 10:49:00.000000000 +0200
michael@21	94	+++ scripts/btraceback.in 2008-11-19 23:09:44.305993544 +0100
michael@142	95	@@ -13,6 +13,9 @@
michael@142	96	WD="@working_dir@"
michael@20	97	if test `uname -s` = SunOS ; then
michael@142	98	gcore -o ${WD}/${PNAME} $2
michael@20	99	+fi
michael@20	100	+if test `uname -s` = SunOS &&
michael@20	101	+ test -n `which dbx 2>/dev/null` ; then
michael@142	102	dbx $1 $2 <@scriptdir@/btraceback.dbx >${WD}/bacula.$$.traceback 2>&1
michael@142	103	cat ${WD}/bacula.$$.traceback \
michael@20	104	| @sbindir@/bsmtp -h @smtp_host@ -f @dump_email@ -s "Bacula DBX traceback of ${PNAME}" @dump_email@
michael@20	105	Index: src/dird/bacula-dir.conf.in
michael@21	106	diff -Nau src/dird/bacula-dir.conf.in.orig src/dird/bacula-dir.conf.in
michael@21	107	--- src/dird/bacula-dir.conf.in.orig 2008-06-19 21:44:34.000000000 +0200
michael@21	108	+++ src/dird/bacula-dir.conf.in 2008-11-19 23:10:11.001069502 +0100
michael@20	109	@@ -29,7 +29,8 @@
michael@20	110	Level = Incremental
michael@20	111	Client = @hostname@-fd
michael@20	112	FileSet = "Full Set"
michael@20	113	- Schedule = "WeeklyCycle"
michael@20	114	+ #Schedule = "WeeklyCycle"
michael@20	115	+ Schedule = "NEVER"
michael@20	116	Storage = File
michael@20	117	Messages = Standard
michael@20	118	Pool = Default
michael@20	119	@@ -109,7 +110,7 @@
michael@20	120	# directory to give a reasonable FileSet to backup to
michael@20	121	# disk storage during initial testing.
michael@20	122	#
michael@20	123	- File = @BUILD_DIR@
michael@20	124	+ File = @scriptdir@
michael@20	125	}
michael@20	126
michael@20	127	#
michael@20	128	@@ -124,6 +125,11 @@
michael@20	129	}
michael@20	130	}
michael@20	131
michael@20	132	+# This schedule can be used to disable automatic scheduling
michael@20	133	+Schedule {
michael@20	134	+ Name = NEVER
michael@20	135	+}
michael@20	136	+
michael@20	137	#
michael@20	138	# When to do the backups, full backup on first sunday of the month,
michael@20	139	# differential (i.e. incremental since full) every other sunday,