. Fixed bug in toint(), and thus isnow(), which caused it
to not work when run from cron.
. Recursively ignore subdirs in /etc/backup.d (Closes: #361102)
+ . Add admingroup option to configuration to allow a group that can
+ read/write configurations (instead of only allowing root). Checks
+ and complains about group-readable files only when the group differs
+ from the one in the configuration file (default is root as before).
+ Thanks to Martin Krafft for the patch (Closes: #370396).
handler changes
Added tar handler
mysql:
# even if there was no error. (default = yes)
reportwarning = yes
+# set to the administration group that is allowed to
+# read/write configuration files in /etc/backup.d
+admingroup = root
+
#######################################################
# for most installations, the defaults below are good #
#######################################################
#
function check_perms() {
- local file=$1
- local perms=`ls -ld $file`
- perms=${perms:4:6}
- if [ "$perms" != "------" ]; then
- echo "Configuration files must not be group or world writable/readable! Dying on file $file"
- fatal "Configuration files must not be group or world writable/readable! Dying on file $file"
- fi
- if [ `ls -ld $file | awk '{print $3}'` != "root" ]; then
- echo "Configuration files must be owned by root! Dying on file $file"
- fatal "Configuration files must be owned by root! Dying on file $file"
- fi
+ local file=$1
+ local perms
+ perms=($(stat -L --printf='%a %g %G %u %U' $file))
+ local gperm=${perms[0]:1:1}
+ local wperm=${perms[0]:2:1}
+ local gid=${perms[1]}
+ local group=${perms[2]}
+ local owner=${perms[3]}
+
+ if [ "$owner" != 0 ]; then
+ echo "Configuration files must be owned by root! Dying on file $file"
+ fatal "Configuration files must be owned by root! Dying on file $file"
+ fi
+
+ if [ $wperm -gt 0 ]; then
+ echo "Configuration files must not be world writable/readable! Dying on file $file"
+ fatal "Configuration files must not be world writable/readable! Dying on file $file"
+ fi
+
+ if [ $gperm -gt 0 ]; then
+ case "$admingroup" in
+ $gid|$group) :;;
+
+ *)
+ if [ "$gid" != 0 ]; then
+ echo "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file"
+ fatal "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file"
+ fi
+ ;;
+ esac
+ fi
}
# simple lowercase function
getconf PGSQLDUMPALL /usr/bin/pg_dumpall
getconf GZIP /bin/gzip
getconf RSYNC /usr/bin/rsync
+getconf admingroup root
# initialize vservers support
# (get config variables and check real vservers availability)
for file in $files; do
[ -f "$file" ] || continue
+ check_perms ${file%/*} # check containing dir
check_perms $file
suffix="${file##*.}"
base=`basename $file`
projects / matthijs / upstream / backupninja.git / commitdiff