Security issue through restore

A “standard user” can use the restore CD and run a restore, then he/she has the capacity to restore any backup to a PC/VM. This raised a significant security issue. In our environment this has happened twice.

Uroni, could you please update/post the document on how to build/make restore CD so that we can make some modifications in the middle of the restore process to block this security issue?

I am thinking to add an admin user verification or similar before the process can move ahead?

In the actual verson (2.0.2) of the restore CD, security is implemented. If your UrBackup Server is Password protected, you have to enter it, before you can perform a restore.

You’ll have to clarify. The users have the download_image right for the specific user per default, so they can restore images of that client. You’ll have to remove that in order for them to not be able to do that.