Join the community today
Register Now

Beta Branch add tools/backup-perm.sh

Discussion in 'Centmin Mod Github Commits' started by eva2000, Mar 4, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    add tools/backup-perm.sh


    A tool to backup directory and file permissions and user/group ownership settings. The backup-perm.sh file will be copied to /home/nginx/domains/domain.com/tools/backup-perm.sh where it runs against individual nginx vhost directories and files to backup file user, group and permissions and allows restoration of those permissions. This optional tool can be setup via cronjob manually to regularly backup these nginx vhost site directory and file permissions

    Continue reading...

    123.09beta01 branch
     
  2. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Updated but I can not find script on my server to run it?
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    it's all manually done you need to

    1. create directory in nginx site vhost at /home/nginx/domains/domain.com/tools where domain.com is your domain name

    2. copy file from /usr/local/src/centminmod/tools/backup-perm.sh to /home/nginx/domains/domain.com/tools
    Code (Text):
    cp -a /usr/local/src/centminmod/tools/backup-perm.sh /home/nginx/domains/domain.com/tools


    3. then run it manually to backup

    Code (Text):
    /home/nginx/domains/domain.com/tools/backup-perm.sh backup


    4. run manually to restore follow instructions on the commands to run (again manually done)

    Code (Text):
    /home/nginx/domains/domain.com/tools/backup-perm.sh restore


    5. optionally setup cronjob for it to run daily or below is run every 12 hours

    Code (Text):
    11 */12 * * * /home/nginx/domains/demodomain.com/tools/backup-perm.sh backup


    Examples



    Example backup run
    Code (Text):
    /home/nginx/domains/demodomain.com/tools/backup-perm.sh backup
    
    -------------------------------------------------------
    backup directory & file permissions for:
    /home/nginx/domains/demodomain.com
    -------------------------------------------------------
    -rw-r--r-- 1 root root 3.5K Mar  4 14:37 /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl
    -------------------------------------------------------


    Example restore run
    Code (Text):
    /home/nginx/domains/demodomain.com/tools/backup-perm.sh restore
    
    -------------------------------------------------------
    to restore directory & file permissions for:
    /home/nginx/domains/demodomain.com
    find a permission backup file at /home/nginx/domains/demodomain.com/backup/permissions
    and restore with this command
    -------------------------------------------------------
    
    setfacl --restore=/home/nginx/domains/demodomain.com/backup/permissions/permissions-XXX.acl
    
    -------------------------------------------------------
    where permissions-XXX.acl is name of backup
    -------------------------------------------------------
    
    current backups available are:
    -------------------------------------------------------
    permissions-040316-124711.acl
    permissions-040316-124910.acl
    permissions-040316-125103.acl
    permissions-040316-130210.acl
    permissions-040316-130351.acl
    permissions-040316-130419.acl
    permissions-040316-143709.acl
    -------------------------------------------------------

    Then follow instructions to restore via setfacl command with replaced path to your actual backup file i.e.
    /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl
    Code (Text):
    setfacl --restore=/home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl


    Sample contents of backup file at /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl
    Code (Text):
    # file: /home/nginx/domains/demodomain.com
    # owner: nginx
    # group: nginx
    user::rwx
    group::r-x
    other::---
    
    # file: /home/nginx/domains/demodomain.com/private
    # owner: nginx
    # group: nginx
    user::rwx
    group::r-x
    other::---
    
    # file: /home/nginx/domains/demodomain.com/log
    # owner: nginx
    # group: nginx
    user::rwx
    group::r-x
    other::---
    
    # file: /home/nginx/domains/demodomain.com/log/access.log
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/log/error.log
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/tools
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/demodomain.com/tools/backup-permissions.sh
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/tools/backup-perm.sh
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/demodomain.com/backup
    # owner: nginx
    # group: nginx
    user::rwx
    group::r-x
    other::---
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-125103.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-130419.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-124910.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-130210.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-124711.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-130351.acl
    # owner: root
    # group: root
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/demodomain.com/public
    # owner: nginx
    # group: nginx
    user::rwx
    group::r-x
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/maintenance.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/403.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/502.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/504.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/500.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/index.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/503.jpg
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/503.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/50x.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::---
    
    # file: /home/nginx/domains/demodomain.com/public/404.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
     
    Last edited: Mar 5, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Testing restore



    first edit permission for /home/nginx/domains/demodomain.com/public/404.html file to 0600 and change user and group to root
    Code (Text):
    chmod 0600 /home/nginx/domains/demodomain.com/public/404.html
    chown root:root /home/nginx/domains/demodomain.com/public/404.html

    Code (Text):
    ls -lah /home/nginx/domains/demodomain.com/public/404.html
    -rw------- 1 root root 1.6K Mar  2 00:30 /home/nginx/domains/demodomain.com/public/404.html
    

    now restore permissions backup file
    Code (Text):
    setfacl --restore=/home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl

    recheck the file's permissions
    Code (Text):
    ls -lah /home/nginx/domains/demodomain.com/public/404.html                                        
    -rw-r----- 1 nginx nginx 1.6K Mar  2 00:30 /home/nginx/domains/demodomain.com/public/404.html

    matches the backup file /home/nginx/domains/demodomain.com/backup/permissions/permissions-040316-143709.acl recorded permissions
    Code (Text):
    # file: /home/nginx/domains/demodomain.com/public/404.html
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
     
  5. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Excellent!
    Any chance to setup script to delete x days old backup permission, so we have always only last x days

     
  6. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Probably not wise to do as you never know how far back you'd have to go to restore a backup from.

    edit: just updated tools/backup-perm.sh with deletion threshold of 365 days, so backup files older than 365 days get removed Beta Branch - update tools/backup-perm.sh | Centmin Mod Community
     
    Last edited: Mar 5, 2016
  7. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    365 days... long, long time :D
    For what you need backup set of permission for every day last 365 days?
    25MB is permission backup file for my forum, so I could not use this on long term.
    Will make cron to run every day, and another crone to delete file older than 5 days (mtime command)
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you never know when an end user will mess up their file permissions over the course of a year :)
     
  9. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    True, but on my forum I am only SuperAdmin and only I have acces to server
     
  10. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    @eva2000, to change deleting files older than 365 days to older than 5 days. I have to change only this part in script?
    from:
    Code:
    DEL_THRESHOLD='365'
    to:
    Code:
    DEL_THRESHOLD='3'
    to get -mtime +3
     
  11. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    1:17 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Great :)

    Database per vhost backup and restoration? :)
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes that changes to older than 3 days

    no not vhost directory & file backup but vhost directory and file permissions only backup. For instance if you accidentally ran chmod recursively on wrong directory for a web app. You can restore your permissions again.
     
  13. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Is there chance to add one another path into script?
    I have moved data and internal_data of my xenforo forum to mounted disk.
    So how to add another path to backup permission script, so those two folders permissions will be backuped too like default xenforo directory?
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    didn't you symlink that ? then backup would already have backed up symlinked directories and files
     
  15. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    I have, but it not backup permissions for that two folders.
    before it was 20 MB file, now it is only 2 MB.
    I use winmerge to compare backup files, and it is not backup permissions for that two symlinked folders.
     
  16. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    quick test
    Code (Text):
    ls -lahR /home/nginx/domains/acme.domain.com/public
    .:
    total 12K
    drwxr-sr-x 3 root  nginx 4.0K Aug  8 03:19 .
    drwxr-sr-x 4 root  nginx 4.0K Jul  5 10:04 ..
    drwxr-sr-x 2 nginx nginx 4.0K Aug  8 03:19 dir1
    
    ./dir1:
    total 8.0K
    drwxr-sr-x 2 nginx nginx 4.0K Aug  8 03:19 .
    drwxr-sr-x 3 root  nginx 4.0K Aug  8 03:19 ..
    -rw-r--r-- 1 nginx nginx    0 Aug  8 03:19 file1.txt

    symlink dir2 to dir1
    Code (Text):
    cd /home/nginx/domains/acme.domain.com/public
    ln -s dir1 dir2

    Code (Text):
    ls -lahR
    .:
    total 12K
    drwxr-sr-x 3 root  nginx 4.0K Aug  8 03:20 .
    drwxr-sr-x 4 root  nginx 4.0K Jul  5 10:04 ..
    drwxr-sr-x 2 nginx nginx 4.0K Aug  8 03:19 dir1
    lrwxrwxrwx 1 root  nginx    4 Aug  8 03:20 dir2 -> dir1
    
    ./dir1:
    total 8.0K
    drwxr-sr-x 2 nginx nginx 4.0K Aug  8 03:19 .
    drwxr-sr-x 3 root  nginx 4.0K Aug  8 03:20 ..
    -rw-r--r-- 1 nginx nginx    0 Aug  8 03:19 file1.txt

    Code (Text):
    ls -lah dir2
    lrwxrwxrwx 1 root nginx 4 Aug  8 03:20 dir2 -> dir1
    ls -lah dir2/file1.txt
    -rw-r--r-- 1 nginx nginx 0 Aug  8 03:19 dir2/file1.txt

    check getfacl permissions and yes doesn't include dir2 symlink
    Code (Text):
    getfacl -R --absolute-names /home/nginx/domains/acme.domain.com/public
    # file: /home/nginx/domains/acme.domain.com/public
    # owner: root
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/acme.domain.com/public/dir1
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/acme.domain.com/public/dir1/file1.txt
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::r--

    getfacl has -L option
    Code (Text):
    getfacl -h
    getfacl 2.2.51 -- get file access control lists
    Usage: getfacl [-aceEsRLPtpndvh] file ...
      -a,  --access           display the file access control list only
      -d, --default           display the default access control list only
      -c, --omit-header       do not display the comment header
      -e, --all-effective     print all effective rights
      -E, --no-effective      print no effective rights
      -s, --skip-base         skip files that only have the base entries
      -R, --recursive         recurse into subdirectories
      -L, --logical           logical walk, follow symbolic links
      -P, --physical          physical walk, do not follow symbolic links
      -t, --tabular           use tabular output format
      -n, --numeric           print numeric user/group identifiers
      -p, --absolute-names    don't strip leading '/' in pathnames
      -v, --version           print version and exit
      -h, --help              this help text

    re-test with -L
    Code (Text):
    getfacl -R -L --absolute-names /home/nginx/domains/acme.domain.com/public
    # file: /home/nginx/domains/acme.domain.com/public
    # owner: root
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/acme.domain.com/public/dir2
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/acme.domain.com/public/dir2/file1.txt
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::r--
    
    # file: /home/nginx/domains/acme.domain.com/public/dir1
    # owner: nginx
    # group: nginx
    # flags: -s-
    user::rwx
    group::r-x
    other::r-x
    
    # file: /home/nginx/domains/acme.domain.com/public/dir1/file1.txt
    # owner: nginx
    # group: nginx
    user::rw-
    group::r--
    other::r--

    so need to update tools/backup-perm.sh with -L flag :)

    updated Beta Branch - update tools/backup-perm.sh to backup symlinks' permissions in 123.09beta01 | Centmin Mod Community :)
     
  17. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    After update centmin beta, still symlinks are not followed.
    Script is not updated:

    PHP:
    backupperm() {
        echo
        echo 
    "-------------------------------------------------------"
        
    echo " backup directory & file permissions for: "
        
    echo $BASEDIR"
        
    echo "-------------------------------------------------------"
        
    getfacl ---absolute-names $BASEDIR "$BASEDIR/backup/permissions/permissions-$DT.acl"
        
    ls -lah "$BASEDIR/backup/permissions/permissions-$DT.acl"
        
    echo "-------------------------------------------------------"
        
    echo
    }
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    it only updates the tools/backup-perm.sh if you placed the file else where you need to copy and update manually
     
  19. Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    12:17 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    yep, I moved to my vhost domain.
    I merged manually changes.
    Using winmerge.

    For future updates, should I copy original file to /root/tools/ so future updates will be done it there, and I could than just compare changes and manually add it?
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,229
    12,116
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,654
    Local Time:
    8:17 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes

    or

    just symlink it which should work
    Code:
    ln -s /usr/local/src/centminmod/tools/backup-perm.sh  /home/nginx/domains/domain.com/tools/backup-perm.sh