1AMANDA-SECURITY.C(5)     File formats and conventions     AMANDA-SECURITY.C(5)
2
3
4

NAME

6       amanda-security.conf - Client configuration file for Amanda
7

DESCRIPTION

9       amanda-security.conf(5) is the security configuration file for Amanda.
10       This manpage lists the relevant sections and parameters of this file.
11
12       The file must be installed at /etc/amanda-security.conf and only root
13       must be able to write to it. Good permission are:
14
15       It must be readable by the amanda user and owned by root. Good
16       permissions are:
17       $ ls -l /etc/amanda-security.conf
18       -rw-r--r--. 1 root root 1994 Jan 29 13:45 /etc/amanda-security.conf
19
20       An example file should be installed at
21       /etc/amanda/amanda-security.conf.
22
23       All lines with '#' as the first character ar comment line.
24

SECURE BINARIES

26       The list of all executables amanda can execute as root. The format is
27       as follow:
28
29          AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY
30
31       This file must contains realpath to executable, with all symbolic links
32       resolved. You can use the 'realpath' command to find them.
33
34       Multiple line can be added for the same 'AMANDA_PROGRAM:SYMBOLIC_NAME'
35       if you are using multiple binaries.
36
37       The 'AMANDA_PROGRAM:SYMBOLIC_NAME' can be any of the following:
38
39       runtar:gnutar_path
40           The gnutar binary runtar is allowed to run. The default is
41           `amgetconf build.gnutar_path`
42
43       amgtar:gnutar_path
44           The gnutar binary amgtar is allowed to run. The default is
45           `amgetconf build.gnutar_path`
46
47       amstar:star_path
48           The star binary amstar is allowed to run. The default is `amgetconf
49           build.star_path`
50
51       ambsdtar:bsdtar_path
52           The bsdtar binary ambsdtar is allowed to run. The default is
53           `amgetconf build.bsdtar_path`
54

OTHERS SECURITY PARAMETERS

56       restore_by_amanda_user=[yes|no]
57           Default: no. Set to 'yes' if you want the amanda user to restore
58           file as root, required only if you run amgtar, amstar or ambsdtar
59           as the amanda backup for recovery.
60
61       tcp_port_range=int,int
62           Default: no. Must be set to the range of privileged tcp port amanda
63           can use, required for bsdtcp and krb5 auth. The range is inclusive
64
65           You can find the range you are configured to use with:
66             amgetconf CONF reserved-udp-port
67
68       udp_port_range=int,int
69           Default: no. Must be set to the range of privileged udp port amanda
70           can use, required for bsd and bsdudp auth. The range is inclusive
71
72           You can find the range you are configured to use with:
73             amgetconf CONF reserved-udp-port
74

SEE ALSO

76       amanda(8), amanda.conf(5)
77
78       The Amanda Wiki: : http://wiki.zmanda.com/
79

AUTHOR

81       Jean-Louis Martineau <martineau@zmanda.com>
82           Zmanda, Inc. (http://www.zmanda.com)
83
84
85
86Amanda 3.5.1                      12/01/2017              AMANDA-SECURITY.C(5)
Impressum