Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The database backup is readable by all, which makes it accessible by the webserver. The mode should at least be safe enough so that the webserver cannot read it (umask 077 or something).
Comments
Comment #1
anarcat CreditAttribution: anarcat commentedThere's actually two problems here:
1. in some cases (interruption?) backup leaves the file lying around (this is more likely a drush issue, see #590634: interruptions should launch rollbacks), and;
2. more importantly: the file is world-readable. this is the issue at hand here.
Comment #2
Anonymous (not verified) CreditAttribution: Anonymous commentedDoesn't the database dump get deleted post-backup and post-restore?
And backups live outside the document root?
Or are you talking about the fleeting moment where it drops it in database.sql before tarring up the whole directory?
Edit: nevermind I see you point out that an interruption will leave the dump lying around. Helps if I read properly :)
Comment #3
Anonymous (not verified) CreditAttribution: Anonymous commentedThink I've fixed this in HEAD, file is chmod to 600 on successful writing of the dump file.
Comment #4
anarcat CreditAttribution: anarcat commentedYeah, so that's what I'm talking about: the database.sql gets created with too permissive... permissions. That file can be read while the dump is created, even if the permissions are fixed in the end. It needs to be created with the proper permissions (you can use umask for that).
Comment #5
Anonymous (not verified) CreditAttribution: Anonymous commentedA better fix committed to HEAD. Thanks