The database backup is readable by all, which makes it accessible by the webserver. The mode should at least be safe enough so that the webserver cannot read it (umask 077 or something).

Comments

anarcat

Title: provision backup creates world-readable backup of the database in sites/foo.example.com » backup creates world-readable backup of the database in sites/foo.example.com

There are actually two problems here:

1. in some cases (interruption?) backup leaves the file lying around (this is more likely a drush issue, see #590634: interruptions should launch rollbacks), and;
2. more importantly: the file is world-readable. This is the issue at hand here.

Anonymous

Doesn't the database dump get deleted post-backup and post-restore?

And backups live outside the document root?

Or are you talking about the fleeting moment where it drops it in database.sql before tarring up the whole directory?

Edit: nevermind I see you point out that an interruption will leave the dump lying around. Helps if I read properly :)

Anonymous

Status: Active » Fixed

Think I've fixed this in HEAD, file is chmod to 600 on successful writing of the dump file.

anarcat

Status: Fixed » Needs work

Yeah, so that's what I'm talking about: the database.sql gets created with too permissive... permissions. That file can be read while the dump is created, even if the permissions are fixed in the end. It needs to be created with the proper permissions (you can use umask for that).
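A shell illustration of the window anarcat describes, added here as an example and not code from provision or its commits: the first function creates the dump under the usual umask and only fixes the mode afterwards, so the file is world-readable for the whole duration of the dump; the second sets umask 077 in a subshell so the file is 0600 from the moment it exists. mysqldump is replaced by printf so the script runs offline, and the output paths are whatever the caller passes in.

```shell
# Added example (not provision code): chmod after the dump is too late;
# umask at creation time is what keeps the webserver out.

# Permission string as ls prints it, e.g. "-rw-r--r--". Portable across
# GNU and BSD ls, unlike stat's format flags.
mode_of() {
    ls -l "$1" | cut -c1-10
}

# Unsafe pattern: the redirect creates the file under the process umask
# (typically 022, giving 0644), and it stays world-readable until the chmod
# that only runs once the dump has finished.
dump_then_chmod() {
    out=$1
    rm -f "$out"
    ( umask 022; printf 'INSERT INTO users VALUES (1, "admin");\n' > "$out" )
    during=$(mode_of "$out")   # what another local user could see mid-dump
    chmod 600 "$out"
    echo "$during"
}

# Safe pattern: umask 077 inside a subshell makes the file 0600 from creation;
# the parent shell's umask is untouched. A stale dump left by an interrupted
# run is removed first: redirecting onto an existing file keeps its old
# (possibly world-readable) mode, and umask does not apply to it.
dump_with_umask() {
    out=$1
    rm -f "$out"
    ( umask 077; printf 'INSERT INTO users VALUES (1, "admin");\n' > "$out" )
    mode_of "$out"
}
```

The `rm -f` before the dump ties the two problems in this issue together: a database.sql left behind by an interrupted run would otherwise be reopened with whatever mode it already had, and no umask setting would change that.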

Anonymous

Status: Needs work » Fixed

A better fix committed to HEAD. Thanks

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 9818bf9 on debian, dev-dns, dev-envobject, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newhooks, dev-nginx, dev-platform_management, dev-ports, dev-purgebackup, dev-restore, dev-services, dev-simplerinstaller, dev-site_rename, dev-ssl, dev_716166_apache_conf, dev_dns, dev_server_verify, prod-koumbit, ssl, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x authored by mig5:
    #590506 - make mysqldump file non-readable by webserver while executing...
  • Commit 1da651a on debian, dev-dns, dev-envobject, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newhooks, dev-nginx, dev-platform_management, dev-ports, dev-purgebackup, dev-restore, dev-services, dev-simplerinstaller, dev-site_rename, dev-ssl, dev_716166_apache_conf, dev_dns, dev_server_verify, prod-koumbit, ssl, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x authored by mig5:
    #590506 - set umask so that dump is generated with safer permissions. A...