Commit ab4f963b authored by Paul Cammish's avatar Paul Cammish
Browse files

Merge branch 'buster_force-root-backups' into 'buster-testing'

Buster force root backups

See merge request sympl/sympl!123
parents 9d11fc4b 9c3ade5a
...@@ -16,7 +16,7 @@ SRCLIST=(/etc /root /srv /home /usr/local /var/mail /var/lib /var/spool/cron /va ...@@ -16,7 +16,7 @@ SRCLIST=(/etc /root /srv /home /usr/local /var/mail /var/lib /var/spool/cron /va
# Exclude mysql binary dirs, as these are dumped to /var/backups/mysql before # Exclude mysql binary dirs, as these are dumped to /var/backups/mysql before
# the backup. Also exclude php5 session files. # the backup. Also exclude php5 session files.
# #
SKIPCOND=(-path "*.nobackup*" -o -name "*.o" -o '(' -path '/var/lib/mysql' -o -path '/var/lib/php5' ')' -prune ) SKIPCOND=(-path "*.nobackup*" -o -name "*.o" -o '(' -path '/var/lib/mysql' -o -path '/var/lib/php' -o -path '/var/lib/docker' ')' -prune )
################################################## ##################################################
# Destination # Destination
......
#!/bin/bash
if [ $EUID != 0 ]; then
echo "Sorry, backups must be run as root. Run \`sudo backup2l -b\` to take a backup."
exit 1
fi
sympl-backup (10.0.190731.0) stable; urgency=medium
* Force backups to be run as root.
* Update backup paths.
* Don't back up /var/lib/docker.
-- Paul Cammish <sympl@kelduum.net> Wed, 31 Jul 2019 19:38:00 +0100
sympl-backup (10.0.190621.0) stable; urgency=medium sympl-backup (10.0.190621.0) stable; urgency=medium
* Created Sympl v10.0 (Debian Buster) * Created Sympl v10.0 (Debian Buster)
......
...@@ -123,7 +123,7 @@ CONFIG_FILE=/etc/sympl-sqldump.config ...@@ -123,7 +123,7 @@ CONFIG_FILE=/etc/sympl-sqldump.config
MYSQL=$( which mysql 2> /dev/null ) MYSQL=$( which mysql 2> /dev/null )
MYSQLDUMP=$( which mysqldump 2> /dev/null ) MYSQLDUMP=$( which mysqldump 2> /dev/null )
MYSQL_DEFAULTS="$HOME/.my.cnf" MYSQL_DEFAULTS="/home/sympl/.my.cnf"
MYSQL_SKIP_DB='information_schema performance_schema' MYSQL_SKIP_DB='information_schema performance_schema'
MYSQLDUMP_OPTIONS='--create-options --no-create-db --events --triggers --routines --dump-date --tz-utc' MYSQLDUMP_OPTIONS='--create-options --no-create-db --events --triggers --routines --dump-date --tz-utc'
...@@ -249,7 +249,7 @@ if [ "${#PARAMETERS}" -gt "0" ]; then ...@@ -249,7 +249,7 @@ if [ "${#PARAMETERS}" -gt "0" ]; then
Common Common
--dir, -d <path> Override path to dump directory. --dir, -d <path> Override path to dump directory.
Will be created/chown'd/chmod'd to root user. Will be created/chown'd/chmod'd to sympl user.
Defaults to $DUMP_DIR Defaults to $DUMP_DIR
--keep, -k <number> Number of dumps to keep before removing old copies. --keep, -k <number> Number of dumps to keep before removing old copies.
Defaults to $KEEP_MAX_COPIES Defaults to $KEEP_MAX_COPIES
...@@ -263,17 +263,17 @@ Executable paths ...@@ -263,17 +263,17 @@ Executable paths
Authentication Authentication
--mysql-defaults Optional 'defaults-file' to use in debian.cnf --mysql-defaults Optional 'defaults-file' to use in debian.cnf
format. Defaults to ~/.my.cnf, format. Defaults to $MYSQL_DEFAULTS,
/etc/mysqldump/sympl-sqldump.cnf and /etc/mysqldump/sympl-sqldump.cnf and
/etc/mysqldump/debian.cnf in that order. /etc/mysqldump/debian.cnf in that order.
Must be secured to root user only. Must be secured to root or sympl user only.
Other Other
--force Force a run even if currently locked. --force Force a run even if currently locked.
--config <file> Specify a config file to override defaults. --config <file> Specify a config file to override defaults.
Defaults to /etc/sympl-sqldump.conf if exists Defaults to /etc/sympl-sqldump.conf if exists
and must be secured to root. and must be secured to root user only.
--help This text. --help This text.
" "
...@@ -285,8 +285,8 @@ fi ...@@ -285,8 +285,8 @@ fi
############################################################################# #############################################################################
if [ $( id -u ) -ne 0 ]; then if [ $( id -u ) -ne 0 ]; then
_error This must be run as root. echo "Error: This must be run as root"
_exit 256 exit 256
fi fi
...@@ -345,15 +345,15 @@ fi ...@@ -345,15 +345,15 @@ fi
## MariaDB can simply be used with 'mysql', others will need ## MariaDB can simply be used with 'mysql', others will need
## $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf or /etc/mysql/debian.cnf ## $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf or /etc/mysql/debian.cnf
## Use credentials from (in order) $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf, ## Use credentials from (in order) $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf,
## /etc/mysql/debian.cnf or the normal MySQL methods available to root. ## /etc/mysql/debian.cnf or the normal MySQL methods available to root.
# look for /etc/mysql directory (won't exist on centos) # look for /etc/mysql directory (won't exist on centos)
if [ -d /etc/mysql ]; then if [ -d /etc/mysql ]; then
if [ -f "$MYSQL_DEFAULTS" ]; then if [ -f "$MYSQL_DEFAULTS" ]; then
if [ "$( find "$MYSQL_DEFAULTS" -user $(whoami) -perm 0600 | wc -l )" == "1" ]; then if [ "$( find "$MYSQL_DEFAULTS" -user sympl -perm 0600 | wc -l )" == "1" ]; then
_debug Secure $HOME/.my.cnf found. _debug Secure $MYSQL_DEFAULTS found.
AUTH="--defaults-file=$HOME/.my.cnf" AUTH="--defaults-file=$MYSQL_DEFAULTS"
fi fi
elif [ -f /etc/mysql/sympl-sqldump.cnf ]; then elif [ -f /etc/mysql/sympl-sqldump.cnf ]; then
if [ "$( find /etc/mysql/sympl-sqldump.cnf -user root -perm 0600 | wc -l )" == "1" ]; then if [ "$( find /etc/mysql/sympl-sqldump.cnf -user root -perm 0600 | wc -l )" == "1" ]; then
...@@ -418,9 +418,9 @@ if [ ! -d "$DUMP_DIR/." ]; then ...@@ -418,9 +418,9 @@ if [ ! -d "$DUMP_DIR/." ]; then
mkdir -p $DUMP_DIR mkdir -p $DUMP_DIR
_verbose "Created dump target directory $DUMP_DIR" _verbose "Created dump target directory $DUMP_DIR"
fi fi
if [ $( find $DUMP_DIR -maxdepth 0 -user root -perm 700 | wc -l ) -ne 1 ]; then if [ $( find $DUMP_DIR -maxdepth 0 -user sympl -group sympl -perm 770 | wc -l ) -ne 1 ]; then
chown 0:0 "$DUMP_DIR/." chown sympl:sympl "$DUMP_DIR/."
chmod 700 "$DUMP_DIR/." chmod 770 "$DUMP_DIR/."
_verbose "Adjusted permissions for $DUMP_DIR" _verbose "Adjusted permissions for $DUMP_DIR"
fi fi
...@@ -444,8 +444,8 @@ for DATABASE in ${MYSQL_TO_DUMP}; do ...@@ -444,8 +444,8 @@ for DATABASE in ${MYSQL_TO_DUMP}; do
else else
_debug 'Creating dummy file and setting permissions' _debug 'Creating dummy file and setting permissions'
touch $DUMP_FILENAME touch $DUMP_FILENAME
chown 0:0 $DUMP_FILENAME chown sympl:sympl $DUMP_FILENAME
chmod 600 $DUMP_FILENAME chmod 660 $DUMP_FILENAME
## determine dump type ## determine dump type
### MyISAM tables need to be locked, InnoDB tables don't, and use different dump types ### MyISAM tables need to be locked, InnoDB tables don't, and use different dump types
......
sympl-mysql (10.0.190731.0) stable; urgency=medium
* Updated sympl-sqldump to use sympl user fully
-- Paul Cammish <sympl@kelduum.net> Wed, 31 Jul 2019 20:25:00 +0100
sympl-mysql (10.0.190621.0) stable; urgency=medium sympl-mysql (10.0.190621.0) stable; urgency=medium
* Created Sympl v10.0 (Debian Buster) * Created Sympl v10.0 (Debian Buster)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment