amanda-security.conf






amanda‐security.conf − Client configuration file for Amanda



     amanda‐security.conf(5) is the security configuration
file for Amanda. This manpage lists the relevant sections
and parameters of this file.

     The file must be installed at /etc/amanda−security.conf
and only root must be able to write to it. Good permission
are:

     It must be readable by the amanda user and owned by
root. Good permissions are:
$ ls −l /etc/amanda−security.conf
−rw−r−−r−−. 1 root root 1994 Jan 29 13:45 /etc/amanda−security.conf

     An example file should be installed at
/etc/amanda/amanda−security.conf.

     All lines with '#' as the first character ar comment
line.



     The list of all executables amanda can execute as root.
The format is as follow:

   AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY

     This file must contains realpath to executable, with
all symbolic links resolved. You can use the 'realpath'
command to find them.

     Multiple line can be added for the same
'AMANDA_PROGRAM:SYMBOLIC_NAME' if you are using multiple
binaries.

     The 'AMANDA_PROGRAM:SYMBOLIC_NAME' can be any of the
following:

     runtar:gnutar_path
     The gnutar binary runtar is allowed to run. The default
     is ‘amgetconf build.gnutar_path‘

     amgtar:gnutar_path
     The gnutar binary amgtar is allowed to run. The default
     is ‘amgetconf build.gnutar_path‘

     amstar:star_path
     The star binary amstar is allowed to run. The default
     is ‘amgetconf build.star_path‘











                             ‐2‐


     ambsdtar:bsdtar_path
     The bsdtar binary ambsdtar is allowed to run. The
     default is ‘amgetconf build.bsdtar_path‘



     restore_by_amanda_user=[yes|no]
     Default: no. Set to 'yes' if you want the amanda user
     to restore file as root, required only if you run
     amgtar, amstar or ambsdtar as the amanda backup for
     recovery.

     tcp_port_range=int,int
     Default: no. Must be set to the range of privileged tcp
     port amanda can use, required for bsdtcp and krb5 auth.
     The range is inclusive

     You can find the range you are configured to use with:
       amgetconf CONF reserved−udp−port

     udp_port_range=int,int
     Default: no. Must be set to the range of privileged udp
     port amanda can use, required for bsd and bsdudp auth.
     The range is inclusive

     You can find the range you are configured to use with:
       amgetconf CONF reserved−udp−port



     amanda(8), amanda.conf(5)

     The Amanda Wiki: : http://wiki.zmanda.com/



     Jean−Louis Martineau <martineau@zmanda.com>
     Zmanda, Inc. (http://www.zmanda.com)