'\" t .\" Title: amanda-security.conf .\" Author: Jean-Louis Martineau .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 12/01/2017 .\" Manual: File formats and conventions .\" Source: Amanda 3.5.1 .\" Language: English .\" .TH "AMANDA\-SECURITY\&.C" "5" "12/01/2017" "Amanda 3\&.5\&.1" "File formats and conventions" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" amanda-security.conf \- Client configuration file for Amanda .SH "DESCRIPTION" .PP \fBamanda-security.conf\fR(5) is the security configuration file for Amanda\&. This manpage lists the relevant sections and parameters of this file\&. .PP The file must be installed at \fB/etc/amanda\-security\&.conf\fR and only root must be able to write to it\&. Good permission are: .PP It must be readable by the amanda user and owned by root\&. Good permissions are: .nf $ ls \-l /etc/amanda\-security\&.conf \-rw\-r\-\-r\-\-\&. 1 root root 1994 Jan 29 13:45 /etc/amanda\-security\&.conf .fi .PP An example file should be installed at \fB/etc/amanda/amanda\-security\&.conf\fR\&. .PP All lines with \*(Aq#\*(Aq as the first character ar comment line\&. .SH "SECURE BINARIES" .PP The list of all executables amanda can execute as root\&. The format is as follow: .sp .nf AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY .fi .PP This file must contains realpath to executable, with all symbolic links resolved\&. You can use the \*(Aqrealpath\*(Aq command to find them\&. .PP Multiple line can be added for the same \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq if you are using multiple binaries\&. .PP The \*(AqAMANDA_PROGRAM:SYMBOLIC_NAME\*(Aq can be any of the following: .PP runtar:gnutar_path .RS 4 The gnutar binary runtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path` .RE .PP amgtar:gnutar_path .RS 4 The gnutar binary amgtar is allowed to run\&. The default is `amgetconf build\&.gnutar_path` .RE .PP amstar:star_path .RS 4 The star binary amstar is allowed to run\&. The default is `amgetconf build\&.star_path` .RE .PP ambsdtar:bsdtar_path .RS 4 The bsdtar binary ambsdtar is allowed to run\&. The default is `amgetconf build\&.bsdtar_path` .RE .SH "OTHERS SECURITY PARAMETERS" .PP restore_by_amanda_user=[yes|no] .RS 4 Default: no\&. Set to \*(Aqyes\*(Aq if you want the amanda user to restore file as root, required only if you run amgtar, amstar or ambsdtar as the amanda backup for recovery\&. .RE .PP tcp_port_range=int,int .RS 4 Default: no\&. Must be set to the range of privileged tcp port amanda can use, required for bsdtcp and krb5 auth\&. The range is inclusive .sp You can find the range you are configured to use with: .nf amgetconf CONF reserved\-udp\-port .fi .RE .PP udp_port_range=int,int .RS 4 Default: no\&. Must be set to the range of privileged udp port amanda can use, required for bsd and bsdudp auth\&. The range is inclusive .sp You can find the range you are configured to use with: .nf amgetconf CONF reserved\-udp\-port .fi .RE .SH "SEE ALSO" .PP \fBamanda\fR(8), \fBamanda.conf\fR(5) .PP The Amanda Wiki: : http://wiki.zmanda.com/ .SH "AUTHOR" .PP \fBJean\-Louis Martineau\fR <\&martineau@zmanda\&.com\&> .RS 4 Zmanda, Inc\&. (http://www\&.zmanda\&.com) .RE