Commit ab4f963b authored by Paul Cammish's avatar Paul Cammish

Merge branch 'buster_force-root-backups' into 'buster-testing'

Buster force root backups

See merge request sympl/sympl!123
parents 9d11fc4b 9c3ade5a
Pipeline #672 passed with stages
in 34 minutes and 57 seconds
......@@ -16,7 +16,7 @@ SRCLIST=(/etc /root /srv /home /usr/local /var/mail /var/lib /var/spool/cron /va
# Exclude mysql binary dirs, as these are dumped to /var/backups/mysql before
# the backup. Also exclude php5 session files.
#
SKIPCOND=(-path "*.nobackup*" -o -name "*.o" -o '(' -path '/var/lib/mysql' -o -path '/var/lib/php5' ')' -prune )
SKIPCOND=(-path "*.nobackup*" -o -name "*.o" -o '(' -path '/var/lib/mysql' -o -path '/var/lib/php' -o -path '/var/lib/docker' ')' -prune )
##################################################
# Destination
......
#!/bin/bash
if [ $EUID != 0 ]; then
echo "Sorry, backups must be run as root. Run \`sudo backup2l -b\` to take a backup."
exit 1
fi
sympl-backup (10.0.190731.0) stable; urgency=medium
* Force backups to be run as root.
* Update backup paths.
* Don't back up /var/lib/docker.
-- Paul Cammish <sympl@kelduum.net> Wed, 31 Jul 2019 19:38:00 +0100
sympl-backup (10.0.190621.0) stable; urgency=medium
* Created Sympl v10.0 (Debian Buster)
......
......@@ -123,7 +123,7 @@ CONFIG_FILE=/etc/sympl-sqldump.config
MYSQL=$( which mysql 2> /dev/null )
MYSQLDUMP=$( which mysqldump 2> /dev/null )
MYSQL_DEFAULTS="$HOME/.my.cnf"
MYSQL_DEFAULTS="/home/sympl/.my.cnf"
MYSQL_SKIP_DB='information_schema performance_schema'
MYSQLDUMP_OPTIONS='--create-options --no-create-db --events --triggers --routines --dump-date --tz-utc'
......@@ -249,7 +249,7 @@ if [ "${#PARAMETERS}" -gt "0" ]; then
Common
--dir, -d <path> Override path to dump directory.
Will be created/chown'd/chmod'd to root user.
Will be created/chown'd/chmod'd to sympl user.
Defaults to $DUMP_DIR
--keep, -k <number> Number of dumps to keep before removing old copies.
Defaults to $KEEP_MAX_COPIES
......@@ -263,17 +263,17 @@ Executable paths
Authentication
--mysql-defaults Optional 'defaults-file' to use in debian.cnf
format. Defaults to ~/.my.cnf,
format. Defaults to $MYSQL_DEFAULTS,
/etc/mysqldump/sympl-sqldump.cnf and
/etc/mysqldump/debian.cnf in that order.
Must be secured to root user only.
Must be secured to root or sympl user only.
Other
--force Force a run even if currently locked.
--config <file> Specify a config file to override defaults.
Defaults to /etc/sympl-sqldump.conf if exists
and must be secured to root.
and must be secured to root user only.
--help This text.
"
......@@ -285,8 +285,8 @@ fi
#############################################################################
if [ $( id -u ) -ne 0 ]; then
_error This must be run as root.
_exit 256
echo "Error: This must be run as root"
exit 256
fi
......@@ -345,15 +345,15 @@ fi
## MariaDB can simply be used with 'mysql', others will need
## $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf or /etc/mysql/debian.cnf
## Use credentials from (in order) $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf,
## Use credentials from (in order) $HOME/.my.cnf, /etc/mysql/sympl-sqldump.cnf,
## /etc/mysql/debian.cnf or the normal MySQL methods available to root.
# look for /etc/mysql directory (won't exist on centos)
if [ -d /etc/mysql ]; then
if [ -f "$MYSQL_DEFAULTS" ]; then
if [ "$( find "$MYSQL_DEFAULTS" -user $(whoami) -perm 0600 | wc -l )" == "1" ]; then
_debug Secure $HOME/.my.cnf found.
AUTH="--defaults-file=$HOME/.my.cnf"
if [ "$( find "$MYSQL_DEFAULTS" -user sympl -perm 0600 | wc -l )" == "1" ]; then
_debug Secure $MYSQL_DEFAULTS found.
AUTH="--defaults-file=$MYSQL_DEFAULTS"
fi
elif [ -f /etc/mysql/sympl-sqldump.cnf ]; then
if [ "$( find /etc/mysql/sympl-sqldump.cnf -user root -perm 0600 | wc -l )" == "1" ]; then
......@@ -418,9 +418,9 @@ if [ ! -d "$DUMP_DIR/." ]; then
mkdir -p $DUMP_DIR
_verbose "Created dump target directory $DUMP_DIR"
fi
if [ $( find $DUMP_DIR -maxdepth 0 -user root -perm 700 | wc -l ) -ne 1 ]; then
chown 0:0 "$DUMP_DIR/."
chmod 700 "$DUMP_DIR/."
if [ $( find $DUMP_DIR -maxdepth 0 -user sympl -group sympl -perm 770 | wc -l ) -ne 1 ]; then
chown sympl:sympl "$DUMP_DIR/."
chmod 770 "$DUMP_DIR/."
_verbose "Adjusted permissions for $DUMP_DIR"
fi
......@@ -444,8 +444,8 @@ for DATABASE in ${MYSQL_TO_DUMP}; do
else
_debug 'Creating dummy file and setting permissions'
touch $DUMP_FILENAME
chown 0:0 $DUMP_FILENAME
chmod 600 $DUMP_FILENAME
chown sympl:sympl $DUMP_FILENAME
chmod 660 $DUMP_FILENAME
## determine dump type
### MyISAM tables need to be locked, InnoDB tables don't, and use different dump types
......
sympl-mysql (10.0.190731.0) stable; urgency=medium
* Updated sympl-sqldump to use sympl user fully
-- Paul Cammish <sympl@kelduum.net> Wed, 31 Jul 2019 20:25:00 +0100
sympl-mysql (10.0.190621.0) stable; urgency=medium
* Created Sympl v10.0 (Debian Buster)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment