TNCA-0004 – Understanding Volume White Listing
Created: Jan 07, 2015Â |Â Updated: July 06, 2020
ChronoAgent is a powerful add-on to ChronoSync that increases the security, reliability and performance of connections between two Macs. Part of the power and flexibility that ChronoAgent offers comes from the fact that ChronoAgent provides full access to the file system of the computer it is installed on. This makes features such as home folder backups and remote bootable cloning possible. However, there are times when you may not wish to provide full, unfettered access to a ChronoAgent machine. ChronoAgent v1.5 introduces a feature called Volume Whitelisting that can accommodate these situations. This tech-note explains this feature, how it can be used and certain limitations that you must be aware of.
VOLUME SELECTION
Once a ChronoAgent connection profile has been created, you select the profile from the “Connect To:” popup menu in the Setup panel of a ChronoSync synchronizer document. At that point you can click “Choose” to select a volume and folder on the ChronoAgent Mac to be a target for your sync or backup. In the selection sheet that appears, you can select any volume connected to the ChronoAgent Mac, then navigate to any folder on that volume to use as your target.
If ChronoAgent v1.5 is being used, it can be configured to limit what volumes are selectable by the ChronoSync user. In the “Advanced” panel of the ChronoAgent Preference Pane, you choose “User Paths” and then enable the “Limit client path selection to specific volumes” settings. You can then add volumes to the list. Each of these volumes is then considered “whitelisted.”
After enabling this feature, clicking “Choose” in ChronoSync will only allow the whitelisted volumes to be selected and only folders on those volumes can be chosen as targets. This allows you to designate specific volumes on a computer to act as backup or synchronization targets. The system volume (or other connected drives) can be omitted from the whitelist and they will not be visible and selectable from ChronoSync. This is very useful in scenarios where a ChronoAgent Mac is being used as a backup repository. For more information, see the ChronoAgent v1.5 Features guide.
NOT A SECURITY LAYER!
While it may appear on the surface that volume whitelisting is a security feature, it technically is not. There is a good reason that it is available in the “User Paths” section of the ChronoAgent Preference Pane and not “Security”. That is because it ONLY affects the act of selecting target volumes and paths.
ChronoSync can still technically access the complete file system of the ChronoAgent machine. This is possible if a ChronoSync task were configured to target a specific volume/folder on the ChronoAgent machine BEFORE volume whitelisting was enabled. That synchronizer task will still be able to access the designated volume even after access to that volume is restricted via whitelisting. The user won’t be able to change the target to point to another folder on the restricted volume but, as long as they leave the target setting untouched, it will continue to work.
Thus it is important to realize that you cannot revoke access to a volume by removing it from the whitelist. The only way to truly revoke user access is to change the username and/or password of the agent (which of course, revokes ALL user access).
HIDDEN USAGE
Despite seeming like a shortcoming, the fact that volume whitelisting only applies to target selection can be used to your advantage. For instance, the above backup repository scenario could be employed in an organization. However, an administrator can temporarily disable whitelisting and configure a synchronizer document that backs up the entire system volume of the ChronoAgent Mac. Whitelisting can then be enabled, preventing any other user from accessing volumes that aren’t in the whitelist. This one synchronizer document will still be able to access the system volume and perform regular system backups!
LIMITATIONS
There aren’t any additional limitations to be aware of other than just a reminder that any synchronizer document that was configured when whitelisting was not enabled will still have access the designated volume. If such documents exist on end-user machines, the user could conceivably open those documents and have access to volumes that are not intended. This can be mitigated by invoking the “Access Restriction…” function from the “File” menu. This allows synchronizer documents to be password protected and thus not openable by end-users if they do not have the password.
RELATED DOCUMENTS
REVISION HISTORY
Jan-07-2015 – Created from Internal Support Notes.