Provided by: amanda-common_3.5.1-9_amd64 bug

NAME

       amanda-security.conf - Client configuration file for Amanda

DESCRIPTION

       amanda-security.conf(5) is the security configuration file for Amanda. This manpage lists
       the relevant sections and parameters of this file.

       The file must be installed at /etc/amanda-security.conf and only root must be able to
       write to it. Good permission are:

       It must be readable by the amanda user and owned by root. Good permissions are:
       $ ls -l /etc/amanda-security.conf
       -rw-r--r--. 1 root root 1994 Jan 29 13:45 /etc/amanda-security.conf

       An example file should be installed at /etc/amanda/amanda-security.conf.

       All lines with '#' as the first character ar comment line.

SECURE BINARIES

       The list of all executables amanda can execute as root. The format is as follow:

          AMANDA_PROGRAM:SYMBOLIC_NAME=REALPATH_TO_BINARY

       This file must contains realpath to executable, with all symbolic links resolved. You can
       use the 'realpath' command to find them.

       Multiple line can be added for the same 'AMANDA_PROGRAM:SYMBOLIC_NAME' if you are using
       multiple binaries.

       The 'AMANDA_PROGRAM:SYMBOLIC_NAME' can be any of the following:

       runtar:gnutar_path
           The gnutar binary runtar is allowed to run. The default is `amgetconf
           build.gnutar_path`

       amgtar:gnutar_path
           The gnutar binary amgtar is allowed to run. The default is `amgetconf
           build.gnutar_path`

       amstar:star_path
           The star binary amstar is allowed to run. The default is `amgetconf build.star_path`

       ambsdtar:bsdtar_path
           The bsdtar binary ambsdtar is allowed to run. The default is `amgetconf
           build.bsdtar_path`

OTHERS SECURITY PARAMETERS

       restore_by_amanda_user=[yes|no]
           Default: no. Set to 'yes' if you want the amanda user to restore file as root,
           required only if you run amgtar, amstar or ambsdtar as the amanda backup for recovery.

       tcp_port_range=int,int
           Default: no. Must be set to the range of privileged tcp port amanda can use, required
           for bsdtcp and krb5 auth. The range is inclusive

           You can find the range you are configured to use with:
             amgetconf CONF reserved-udp-port

       udp_port_range=int,int
           Default: no. Must be set to the range of privileged udp port amanda can use, required
           for bsd and bsdudp auth. The range is inclusive

           You can find the range you are configured to use with:
             amgetconf CONF reserved-udp-port

SEE ALSO

       amanda(8), amanda.conf(5)

       The Amanda Wiki: : http://wiki.zmanda.com/

AUTHOR

       Jean-Louis Martineau <martineau@zmanda.com>
           Zmanda, Inc. (http://www.zmanda.com)