<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Console Configuration</TITLE>
<META NAME="description" CONTENT="Console Configuration">
<META NAME="keywords" CONTENT="main">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="main.css">
<LINK REL="next" HREF="Monitor_Configuration.html">
<LINK REL="previous" HREF="Messages_Resource.html">
<LINK REL="up" HREF="Bacula_Main_Reference.html">
<LINK REL="next" HREF="Monitor_Configuration.html">
</HEAD>
<BODY >
<!--Navigation Panel-->
<A NAME="tex2html1552"
HREF="Monitor_Configuration.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html1546"
HREF="Bacula_Main_Reference.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html1540"
HREF="Messages_Resource.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html1548"
HREF="Contents.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html1550"
HREF="Thanks.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html1553"
HREF="Monitor_Configuration.html">Monitor Configuration</A>
<B> Up:</B> <A NAME="tex2html1547"
HREF="Bacula_Main_Reference.html">Bacula Main Reference</A>
<B> Previous:</B> <A NAME="tex2html1541"
HREF="Messages_Resource.html">Messages Resource</A>
<B> <A NAME="tex2html1549"
HREF="Contents.html">Contents</A></B>
<B> <A NAME="tex2html1551"
HREF="Thanks.html">Index</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL>
<LI><A NAME="tex2html1554"
HREF="Console_Configuration.html#SECTION002310000000000000000">General</A>
<LI><A NAME="tex2html1555"
HREF="Console_Configuration.html#SECTION002320000000000000000">The Director Resource</A>
<LI><A NAME="tex2html1556"
HREF="Console_Configuration.html#SECTION002330000000000000000">The ConsoleFont Resource</A>
<LI><A NAME="tex2html1557"
HREF="Console_Configuration.html#SECTION002340000000000000000">The Console Resource</A>
<LI><A NAME="tex2html1558"
HREF="Console_Configuration.html#SECTION002350000000000000000">Console Commands</A>
<LI><A NAME="tex2html1559"
HREF="Console_Configuration.html#SECTION002360000000000000000">Sample Console Configuration File</A>
</UL>
<!--End of Table of Child-Links-->
<HR>
<H1><A NAME="SECTION002300000000000000000"></A>
<A NAME="ConsoleConfChapter"></A>
<BR>
Console Configuration
</H1>
<A NAME="13404"></A>
<A NAME="13405"></A>
<P>
<H1><A NAME="SECTION002310000000000000000">
General</A>
</H1>
<A NAME="13407"></A>
<P>
The Console configuration file is the simplest of all the configuration files,
and in general, you should not need to change it except for the password. It
simply contains the information necessary to contact the Director or
Directors.
<P>
For a general discussion of the syntax of configuration files and their
resources including the data types recognized by <B>Bacula</B>, please see
the ConfigurationConfigureChapter chapter of this manual.
<P>
The following Console Resource definition must be defined:
<P>
<H1><A NAME="SECTION002320000000000000000"></A>
<A NAME="DirectorResource3"></A>
<BR>
The Director Resource
</H1>
<A NAME="13413"></A>
<A NAME="13414"></A>
<P>
The Director resource defines the attributes of the Director running on the
network. You may have multiple Director resource specifications in a single
Console configuration file. If you have more than one, you will be prompted to
choose one when you start the <B>Console</B> program.
<P>
<DL>
<DT><STRONG>Director</STRONG></DT>
<DD><A NAME="13417"></A>
Start of the Director directives.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13420"></A>
The director name used to select among different Directors, otherwise, this
name is not used.
<P>
</DD>
<DT><STRONG>DIRPort = port-number</STRONG></DT>
<DD><A NAME="13423"></A>
Specify the port to use to connect to the Director. This value will most
likely already be set to the value you specified on the <B> <code>--</code>with-base-port</B> option of the <B>./configure</B> command. This port must be
identical to the <B>DIRport</B> specified in the <B>Director</B> resource of
the Director's configurationDirectorChapter file. The
default is 9101 so this directive is not normally specified.
<P>
</DD>
<DT><STRONG>Address = address</STRONG></DT>
<DD><A NAME="13432"></A>
Where the address is a host name, a fully qualified domain name, or a network
address used to connect to the Director.
<P>
</DD>
<DT><STRONG>Password = password</STRONG></DT>
<DD><A NAME="13435"></A>
Where the password is the password needed for the Director to accept the
Console connection. This password must be identical to the <B>Password</B>
specified in the <B>Director</B> resource of the
Director's configurationDirectorChapter file. This
directive is required.
</DD>
</DL>
<P>
An actual example might be:
<P>
<PRE>
Director {
Name = HeadMan
address = rufus.cats.com
password = xyz1erploit
}
</PRE>
<P>
<H1><A NAME="SECTION002330000000000000000">
The ConsoleFont Resource</A>
</H1>
<A NAME="13444"></A>
<A NAME="13445"></A>
<P>
The ConsoleFont resource is available only in the GNOME version of the
console. It permits you to define the font that you want used to display in
the main listing window.
<P>
<DL>
<DT><STRONG>ConsoleFont</STRONG></DT>
<DD><A NAME="13447"></A>
Start of the ConsoleFont directives.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13450"></A>
The name of the font.
<P>
</DD>
<DT><STRONG>Font = Pango Font Name</STRONG></DT>
<DD><A NAME="13453"></A>
The string value given here defines the desired font. It is specified in the
Pango format. For example, the default specification is:
<P>
<PRE>
Font = "LucidaTypewriter 9"
</PRE>
<P>
</DD>
</DL>
<P>
Thanks to Phil Stracchino for providing the code for this feature.
<P>
An different example might be:
<P>
<PRE>
ConsoleFont {
Name = Default
Font = "Monospace 10"
}
</PRE>
<P>
<H1><A NAME="SECTION002340000000000000000"></A>
<A NAME="ConsoleResource"></A>
<BR>
The Console Resource
</H1>
<A NAME="13461"></A>
<A NAME="13462"></A>
<P>
As of Bacula version 1.33 and higher, there are three different kinds of
consoles, which the administrator or user can use to interact with the
Director. These three kinds of consoles comprise three different security
levels.
<P>
<UL>
<LI>The first console type is an <B>anonymous</B> or <B>default</B> console,
which has full privileges. There is no console resource necessary for this
type since the password is specified in the Director resource. This is the
kind of console that was initially implemented in versions prior to 1.33 and
remains valid. Typically you would use it only for administrators.
<P>
</LI>
<LI>The second type of console, and new to version 1.33 and higher is a
"named" or "restricted" console defined within a Console resource in
both the Director's configuration file and in the Console's
configuration file. Both the names and the passwords in these two
entries must match much as is the case for Client programs.
<P>
This second type of console begins with absolutely no privileges except
those explicitly specified in the Director's Console resource. Note,
the definition of what these restricted consoles can do is determined
by the Director's conf file.
<P>
Thus you may define within the Director's conf file multiple Consoles
with different names and passwords, sort of like multiple users, each
with different privileges. As a default, these consoles can do
absolutely nothing - no commands what so ever. You give them
privileges or rather access to commands and resources by specifying
access control lists in the Director's Console resource. This gives the
administrator fine grained control over what particular consoles (or
users) can do.
<P>
</LI>
<LI>The third type of console is similar to the above mentioned
restricted console in that it requires a Console resource definition in
both the Director and the Console. In addition, if the console name,
provided on the <B>Name =</B> directive, is the same as a Client name,
the user of that console is permitted to use the <B>SetIP</B> command to
change the Address directive in the Director's client resource to the IP
address of the Console. This permits portables or other machines using
DHCP (non-fixed IP addresses) to "notify" the Director of their current
IP address.
<P>
</LI>
</UL>
<P>
The Console resource is optional and need not be specified. However, if it is
specified, you can use ACLs (Access Control Lists) in the Director's
configuration file to restrict the particular console (or user) to see only
information pertaining to his jobs or client machine.
<P>
You may specify as many Console resources in the console's conf file. If
you do so, generally the first Console resource will be used. However, if
you have multiple Director resources (i.e. you want to connect to different
directors), you can bind one of your Console resources to a particular
Director resource, and thus when you choose a particular Director, the
appropriate Console configuration resource will be used. See the "Director"
directive in the Console resource described below for more information.
<P>
Note, the Console resource is optional, but can be useful for
restricted consoles as noted above.
<P>
<DL>
<DT><STRONG>Console</STRONG></DT>
<DD><A NAME="13470"></A>
Start of the Console resource.
<P>
</DD>
<DT><STRONG>Name = name</STRONG></DT>
<DD><A NAME="13473"></A>
The Console name used to allow a restricted console to change
its IP address using the SetIP command. The SetIP command must
also be defined in the Director's conf CommandACL list.
<P>
</DD>
<DT><STRONG>Password = password</STRONG></DT>
<DD><A NAME="13476"></A>
If this password is supplied, then the password specified in the
Director resource of you Console conf will be ignored. See below
for more details.
<P>
</DD>
<DT><STRONG>Director = director-resource-name</STRONG></DT>
<DD>If this directive is specified, this Console resource will be
used by bconsole when that particular director is selected
when first starting bconsole. I.e. it binds a particular console
resource with its name and password to a particular director.
<P>
</DD>
<DT><STRONG>Heartbeat Interval = time-interval</STRONG></DT>
<DD><A NAME="13481"></A>
<A NAME="13482"></A>
This directive is optional and if specified will cause the Console to
set a keepalive interval (heartbeat) in seconds on each of the sockets
to communicate with the Director. It is implemented only on systems
(Linux, ...) that provide the <B>setsockopt</B> TCP_KEEPIDLE function.
The default value is zero, which means no change is made to the socket.
<P>
</DD>
</DL>
<P>
The following configuration files were supplied by Phil Stracchino. For
example, if we define the following in the user's bconsole.conf file (or
perhaps the bwx-console.conf file):
<P>
<PRE>
Director {
Name = MyDirector
DIRport = 9101
Address = myserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Console {
Name = restricted-user
Password = "UntrustedUser"
}
</PRE>
<P>
Where the Password in the Director section is deliberately incorrect, and the
Console resource is given a name, in this case <B>restricted-user</B>. Then
in the Director's bacula-dir.conf file (not directly accessible by the user),
we define:
<P>
<PRE>
Console {
Name = restricted-user
Password = "UntrustedUser"
JobACL = "Restricted Client Save"
ClientACL = restricted-client
StorageACL = main-storage
ScheduleACL = *all*
PoolACL = *all*
FileSetACL = "Restricted Client's FileSet"
CatalogACL = DefaultCatalog
CommandACL = run
}
</PRE>
<P>
the user logging into the Director from his Console will get logged in as <B>restricted-user</B>, and he will only be able to see or access a Job with the
name <B>Restricted Client Save</B> a Client with the name <B>restricted-client</B>, a Storage device <B>main-storage</B>, any Schedule or Pool,
a FileSet named <B>Restricted Client's FileSet</B>, a Catalog named <B>DefaultCatalog</B>, and the only command he can use in the Console is the <B>run</B> command. In other words, this user is rather limited in what he can see
and do with Bacula.
<P>
The following is an example of a bconsole conf file that can access
several Directors and has different Consoles depending on the director:
<P>
<PRE>
Director {
Name = MyDirector
DIRport = 9101
Address = myserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Director {
Name = SecondDirector
DIRport = 9101
Address = secondserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Console {
Name = restricted-user
Password = "UntrustedUser"
Director = MyDirector
}
Console {
Name = restricted-user
Password = "A different UntrustedUser"
Director = SecondDirector
}
</PRE>
<P>
The second Director referenced at "secondserver" might look
like the following:
<P>
<PRE>
Console {
Name = restricted-user
Password = "A different UntrustedUser"
JobACL = "Restricted Client Save"
ClientACL = restricted-client
StorageACL = second-storage
ScheduleACL = *all*
PoolACL = *all*
FileSetACL = "Restricted Client's FileSet"
CatalogACL = RestrictedCatalog
CommandACL = run, restore
WhereACL = "/"
}
</PRE>
<P>
<H1><A NAME="SECTION002350000000000000000">
Console Commands</A>
</H1>
<A NAME="13502"></A>
<A NAME="13503"></A>
<P>
For more details on running the console and its commands, please see the
Bacula Console_ConsoleChapter chapter of this manual.
<P>
<H1><A NAME="SECTION002360000000000000000"></A>
<A NAME="SampleConfiguration2"></A>
<BR>
Sample Console Configuration File
</H1>
<A NAME="13508"></A>
<A NAME="13509"></A>
<P>
An example Console configuration file might be the following:
<P>
<PRE>
#
# Bacula Console Configuration File
#
Director {
Name = HeadMan
address = "my_machine.my_domain.com"
Password = Console_password
}
</PRE>
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html1552"
HREF="Monitor_Configuration.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html1546"
HREF="Bacula_Main_Reference.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html1540"
HREF="Messages_Resource.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html1548"
HREF="Contents.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html1550"
HREF="Thanks.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html1553"
HREF="Monitor_Configuration.html">Monitor Configuration</A>
<B> Up:</B> <A NAME="tex2html1547"
HREF="Bacula_Main_Reference.html">Bacula Main Reference</A>
<B> Previous:</B> <A NAME="tex2html1541"
HREF="Messages_Resource.html">Messages Resource</A>
<B> <A NAME="tex2html1549"
HREF="Contents.html">Contents</A></B>
<B> <A NAME="tex2html1551"
HREF="Thanks.html">Index</A></B>
<!--End of Navigation Panel-->
<ADDRESS>
2012-01-24
</ADDRESS>
</BODY>
</HTML>
