Skip to content

Commit d739966

Browse files
tiredofittiredofit
committed
Update _FILESYSTEM_PERMISSIONS from 700 to 600 and add undocumented DBBACKUP_USER|GROUP variable
1 parent 9caec73 commit d739966

File tree

3 files changed

+10
-8
lines changed

3 files changed

+10
-8
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -327,7 +327,7 @@ If `DEFAULT_BACKUP_LOCTION` = `FILESYSTEM` then the following options are used:
327327
| `DEFAULT_CREATE_LATEST_SYMLINK` | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE` |
328328
| `DEFAULT_FILESYSTEM_PATH` | Directory where the database dumps are kept. | `/backup` |
329329
| `DEFAULT_FILESYSTEM_ARCHIVE_PATH` | Optional Directory where the database dumps archives are kept | `${DEFAULT_FILESYSTEM_PATH}/archive/` |
330-
| `DEFAULT_FILESYSTEM_PERMISSION` | Directory and File permissions to apply to files. | `700` |
330+
| `DEFAULT_FILESYSTEM_PERMISSION` | Directory and File permissions to apply to files. | `600` |
331331

332332
###### S3
333333

@@ -602,7 +602,7 @@ If `DB01_BACKUP_LOCTION` = `FILESYSTEM` then the following options are used:
602602
| `DB01_CREATE_LATEST_SYMLINK` | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE` |
603603
| `DB01_FILESYSTEM_PATH` | Directory where the database dumps are kept. | `/backup` |
604604
| `DB01_FILESYSTEM_ARCHIVE_PATH` | Optional Directory where the database dumps archives are kept | `${DB01_FILESYSTEM_PATH/archive/` |
605-
| `DB01_FILESYSTEM_PERMISSION` | Directory and File permissions to apply to files. | `700` |
605+
| `DB01_FILESYSTEM_PERMISSION` | Directory and File permissions to apply to files. | `600` |
606606

607607
###### S3
608608

install/assets/defaults/10-db-backup

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
#!/command/with-contenv bash
22

33
BACKUP_JOB_CONCURRENCY=${BACKUP_JOB_CONCURRENCY:-"1"}
4+
DBBACKUP_USER=${DBBACKUP_USER:-"dbbackup"}
5+
DBBACKUP_GROUP=${DBBACKUP_USER:-"${DBBACKUP_USER}"} # Must go after DBBACKUP_USER
46
DEFAULT_BACKUP_BEGIN=${DEFAULT_BACKUP_BEGIN:-+0}
57
DEFAULT_BACKUP_INTERVAL=${DEFAULT_BACKUP_INTERVAL:-1440}
68
DEFAULT_BACKUP_INTERVAL=${DEFAULT_BACKUP_INTERVAL:-1440}
@@ -13,7 +15,7 @@ DEFAULT_CREATE_LATEST_SYMLINK=${DEFAULT_CREATE_LATEST_SYMLINK:-"TRUE"}
1315
DEFAULT_ENABLE_PARALLEL_COMPRESSION=${DEFAULT_ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
1416
DEFAULT_ENCRYPT=${DEFAULT_ENCRYPT:-"FALSE"}
1517
DEFAULT_FILESYSTEM_PATH=${DEFAULT_FILESYSTEM_PATH:-"/backup"}
16-
DEFAULT_FILESYSTEM_PERMISSION=${DEFAULT_FILESYSTEM_PERMISSION:-"700"}
18+
DEFAULT_FILESYSTEM_PERMISSION=${DEFAULT_FILESYSTEM_PERMISSION:-"600"}
1719
DEFAULT_FILESYSTEM_ARCHIVE_PATH=${DEFAULT_FILESYSTEM_ARCHIVE_PATH:-"${DEFAULT_FILESYSTEM_PATH}/archive/"}
1820
DEFAULT_LOG_LEVEL=${DEFAULT_LOG_LEVEL:-"notice"}
1921
DEFAULT_MYSQL_ENABLE_TLS=${DEFAULT_MYSQL_ENABLE_TLS:-"FALSE"}

install/assets/functions/10-db-backup

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,26 +5,26 @@ bootstrap_filesystem() {
55
if [ ! -d "${backup_job_filesystem_path}" ]; then
66
mkdir -p "${backup_job_filesystem_path}"
77
fi
8-
if [ "$(stat -c %U "${backup_job_filesystem_path}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${backup_job_filesystem_path}" ; fi
8+
if [ "$(stat -c %U "${backup_job_filesystem_path}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${backup_job_filesystem_path}" ; fi
99
if [ "$(stat -c %a "${backup_job_filesystem_path}")" != "${backup_job_filesystem_permission}" ] ; then chmod -R "${backup_job_filesystem_permission}" "${backup_job_filesystem_path}" ; fi
1010

1111
if [ -d "${backup_job_filesystem_archive_path}" ]; then
12-
if [ "$(stat -c %U "${backup_job_filesystem_archive_path}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${backup_job_filesystem_archive_path}" ; fi
12+
if [ "$(stat -c %U "${backup_job_filesystem_archive_path}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${backup_job_filesystem_archive_path}" ; fi
1313
if [ "$(stat -c %a "${backup_job_filesystem_archive_path}")" != "${backup_job_filesystem_permission}" ] ; then chmod -R "${backup_job_filesystem_permission}" "${backup_job_filesystem_archive_path}" ; fi
1414
fi
1515

1616
if [ ! -d "${LOG_PATH}" ]; then
1717
mkdir -p "${LOG_PATH}"
1818
fi
1919

20-
if [ "$(stat -c %U "${LOG_PATH}")" != "dbbackup" ] ; then chown dbbackup:dbbackup "${LOG_PATH}" ; fi
20+
if [ "$(stat -c %U "${LOG_PATH}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${LOG_PATH}" ; fi
2121
if [ ! -d "${LOG_PATH}"/"$(date +'%Y%m%d')" ]; then run_as_user mkdir -p "${LOG_PATH}"/"$(date +'%Y%m%d')"; fi
2222
if [ "$(stat -c %a "${LOG_PATH}")" != "755" ] ; then chmod -R 755 "${LOG_PATH}" ; fi
2323

2424
if [ ! -d "${TEMP_PATH}" ]; then
2525
mkdir -p "${TEMP_PATH}"
2626
fi
27-
if [ "$(stat -c %U "${TEMP_PATH}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${TEMP_PATH}" ; fi
27+
if [ "$(stat -c %U "${TEMP_PATH}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${TEMP_PATH}" ; fi
2828
if var_true "${DEBUG_BOOTSTRAP_FILESYSTEM}" ; then debug off; fi
2929
}
3030

@@ -1648,7 +1648,7 @@ process_limiter() {
16481648
}
16491649

16501650
run_as_user() {
1651-
s6-setuidgid dbbackup $@
1651+
s6-setuidgid "${DBBACKUP_USER}" $@
16521652
}
16531653

16541654
setup_mode() {

0 commit comments

Comments
 (0)