I ran into a situation where the director and storage systems weren't trusted by the fd client. Ie, some of the data on the client should not be available to the director. Nor should the director have rights to create or delete critical files on the client.
The approach I took was to:
The result is that bacula is used to backup selected files without trusting the bacula system. File names are still exposed but I wasn't concerned about that.
#!/bin/bash # compress and encrypt files and then copy to a directory where bacula will get them # don't update files that haven't changed. Not recursive. DIR=/u2/chroot/bacula/data export DIR cd xxx for i in * do if test -f "$i" then if test -f "$DIR/$i" -a "$DIR/$i" -nt "$i" then : else gpg --compress-algo bzip2 --passphrase xxxxxxxxx --no-use-agent -c < "$i" > "$DIR/$i" fi fi done