bacula/bacula.patch@0ba300bdf30a
bacula/bacula.patch
Mon, 20 Apr 2009 19:22:00 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 20 Apr 2009 19:22:00 +0200
- changeset 178
- 0ba300bdf30a
- parent 21
- 5ba5c2911c12
- child 213
- 117704011216
- permissions
- -rw-r--r--
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
1 Index: manpages/Makefile.in
2 diff -Nau manpages/Makefile.in.orig manpages/Makefile.in
3 --- manpages/Makefile.in.orig 2007-04-24 17:47:01.000000000 +0200
4 +++ manpages/Makefile.in 2008-11-19 22:55:01.066689027 +0100
5 @@ -20,23 +20,21 @@
6 install:
7 $(MKDIR) $(DESTDIR)/$(mandir)/man8
8 for I in ${MAN8}; \
9 - do ($(RMF) $$I.gz; gzip -c $$I >$$I.gz; \
10 - $(INSTALL_DATA) $$I.gz $(DESTDIR)$(mandir)/man8/$$I.gz; \
11 - rm -f $$I.gz); \
12 + do \
13 + $(INSTALL_DATA) $$I $(DESTDIR)$(mandir)/man8/$$I; \
14 done
15 $(MKDIR) $(DESTDIR)/$(mandir)/man1
16 for I in ${MAN1}; \
17 - do ($(RMF) $$I.gz; gzip -c $$I >$$I.gz; \
18 - $(INSTALL_DATA) $$I.gz $(DESTDIR)$(mandir)/man1/$$I.gz; \
19 - rm -f $$I.gz); \
20 + do \
21 + $(INSTALL_DATA) $$I $(DESTDIR)$(mandir)/man1/$$I; \
22 done
24 uninstall:
25 for I in ${MAN8}; \
26 - do (rm -f $(DESTDIR)$(mandir)/man8/$$I.gz); \
27 + do (rm -f $(DESTDIR)$(mandir)/man8/$$I); \
28 done
29 for I in ${MAN1}; \
30 - do (rm -f $(DESTDIR)$(mandir)/man1/$$I.gz); \
31 + do (rm -f $(DESTDIR)$(mandir)/man1/$$I); \
32 done
34 clean: dummy
35 Index: scripts/bacula.in
36 diff -Nau scripts/bacula.in.orig scripts/bacula.in
37 --- scripts/bacula.in.orig 2008-07-06 15:06:15.000000000 +0200
38 +++ scripts/bacula.in 2008-11-19 23:08:15.438347068 +0100
39 @@ -13,32 +13,38 @@
40 # easier to "steal" this code for the development
41 # environment where they are different.
42 #
43 -SCRIPTDIR=@scriptdir@
44 +SCRIPTDIR=@libexecdir@
46 -case "$1" in
47 +action=$1
48 +debug=$2
49 +[ -n "$3" ] && enable_dir=$3 || enable_dir=yes
50 +[ -n "$4" ] && enable_sd=$4 || enable_sd=yes
51 +[ -n "$5" ] && enable_fd=$5 || enable_fd=yes
52 +
53 +case "$action" in
54 start)
55 - [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
56 - [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
57 - [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
58 + [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
59 + [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
60 + [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
61 ;;
63 stop)
64 # Stop the FD first so that SD will fail jobs and update catalog
65 - [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
66 - [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
67 - [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
68 + [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd $1 $2
69 + [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd $1 $2
70 + [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir $1 $2
71 ;;
73 restart)
74 - $0 stop
75 + $0 stop $debug $enable_dir $enable_sd $enable_fd
76 sleep 2
77 - $0 start
78 + $0 start $debug $enable_dir $enable_sd $enable_fd
79 ;;
81 status)
82 - [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd status
83 - [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd status
84 - [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir status
85 + [ "$enable_sd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-sd ] && ${SCRIPTDIR}/bacula-ctl-sd status
86 + [ "$enable_fd" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-fd ] && ${SCRIPTDIR}/bacula-ctl-fd status
87 + [ "$enable_dir" = "yes" ] && [ -x ${SCRIPTDIR}/bacula-ctl-dir ] && ${SCRIPTDIR}/bacula-ctl-dir status
88 ;;
90 *)
91 Index: scripts/btraceback.in
92 diff -Nau scripts/btraceback.in.orig scripts/btraceback.in
93 --- scripts/btraceback.in.orig 2008-06-01 10:49:00.000000000 +0200
94 +++ scripts/btraceback.in 2008-11-19 23:09:44.305993544 +0100
95 @@ -13,6 +13,9 @@
96 WD="@working_dir@"
97 if test `uname -s` = SunOS ; then
98 gcore -o ${WD}/${PNAME} $2
99 +fi
100 +if test `uname -s` = SunOS &&
101 + test -n `which dbx 2>/dev/null` ; then
102 dbx $1 $2 <@scriptdir@/btraceback.dbx >${WD}/bacula.$$.traceback 2>&1
103 cat ${WD}/bacula.$$.traceback \
104 | @sbindir@/bsmtp -h @smtp_host@ -f @dump_email@ -s "Bacula DBX traceback of ${PNAME}" @dump_email@
105 Index: src/dird/bacula-dir.conf.in
106 diff -Nau src/dird/bacula-dir.conf.in.orig src/dird/bacula-dir.conf.in
107 --- src/dird/bacula-dir.conf.in.orig 2008-06-19 21:44:34.000000000 +0200
108 +++ src/dird/bacula-dir.conf.in 2008-11-19 23:10:11.001069502 +0100
109 @@ -29,7 +29,8 @@
110 Level = Incremental
111 Client = @hostname@-fd
112 FileSet = "Full Set"
113 - Schedule = "WeeklyCycle"
114 + #Schedule = "WeeklyCycle"
115 + Schedule = "NEVER"
116 Storage = File
117 Messages = Standard
118 Pool = Default
119 @@ -109,7 +110,7 @@
120 # directory to give a reasonable FileSet to backup to
121 # disk storage during initial testing.
122 #
123 - File = @BUILD_DIR@
124 + File = @scriptdir@
125 }
127 #
128 @@ -124,6 +125,11 @@
129 }
130 }
132 +# This schedule can be used to disable automatic scheduling
133 +Schedule {
134 + Name = NEVER
135 +}
136 +
137 #
138 # When to do the backups, full backup on first sunday of the month,
139 # differential (i.e. incremental since full) every other sunday,
