[pkg-bacula-commits] [bacula] 02/02: Document disabling non-root mode

[Sven Hartge]

This is an automated email from the git hooks/post-receive script.

hartge-guest pushed a commit to branch systemd-fixuser
in repository bacula.

commit b4d8d04ed5fdd689f0840d59396752b5912a03bd
Author: Sven Hartge <sven at svenhartge.de>
Date:   Mon Aug 29 22:33:58 2016 +0200

    Document disabling non-root mode
---
 debian/README.Debian | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/debian/README.Debian b/debian/README.Debian
index f3c93c1..f9d1a1e 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -89,6 +89,31 @@ installing a different bacula-director-DBTYPE package. This will pull
 in the needed dependencies for the new database backend and remove the
 ones from the old one.
 
+DISABLING NON-ROOT MODE FOR BACULA-FD
+=====================================
+
+On Linux systems with capabilities bacula-fd runs as a non-root user
+with read-only privileges to all files. This reduces the attack
+surface the daemon provides.
+
+You can disable this security feature the following ways, depending on
+your system setup:
+
+a) for SysV-init based systems:
+
+   Edit /etc/default/bacula-fd and add
+   ENABLE_NONROOT=false
+
+b) for systemd based systems:
+
+   Use systemctl edit bacula-fd.service and put the following lines
+   into the override configuration:
+
+   [Service]
+   User=root
+   Group=root
+
+
 CONSOLE
 =======
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git