Backup files, OK to change ownership?

Discussion in 'Installation/Configuration' started by TonyG, Feb 6, 2021.

  1. TonyG

    TonyG Active Member

    I'm using the backup option "Backup all files in web directory as root user", where all files are now .tar.gz. The default backup ownership is root:root. To facilitate export with SFTP or rsync, I'd like to change ownership to something like root:staff, root:backup, backup:staff, or backup:backup.
    Specifically: If a process uses SFTP to extract backups, it should not login as root, but it needs permissions to access these files. So I have a 'backup' user in group 'backup'. I've added this user to group 'staff'. The 'ubuntu' user is also in group 'staff' so that it can access /var/log files. So if backups are root:staff then I can use the user ubuntu or backup to get this data.

    Is there a reason that we should not change the ownership of those files or the process that runs the backup?
    If this is OK, can someone please point me to the code or settings where this change should be made?
    If this is NOT OK, I'm hoping suggestions will be made about the best way to do this.

    Would it be valid to suggest an enhancement to the system configuration page to allow entry for the user/group under which backups are created/saved?


    EDIT: Temporary solution: I added user 'backup' to the 'root' group, and it can extract files. Of course I'm not fond of this solution.
    Last edited: Feb 6, 2021
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Why not download it by clicking "Download" in ISPConfig and then downloading with a SSH user assigned to that web?
  3. TonyG

    TonyG Active Member

    I'm automating the process of generating backups and then extracting them to other environments - first to a file system on another network system with rsync, and then up to my office via SFTP. I understand that the ISPConfig backup mechanisms are intended for a specific use case. Even if I use a different mechanism I'll need to do the backups as root and then maybe change ownership of the gz files to another user with permissions for extraction.

    It would be more elegant if this is something we can do with ISPConfig. For example, for now I might cron a process that changes the group of all backup files. But it might be worth it to others to have a new system config setting to chown backups to a user:group and then set files after creation.

    I haven't looked at the code but if there is a hook for post-backup processing it would be cool for site-specific code to hook that process to do whatever we want, like rsync, admin notifications, etc.

    For now the bottom line is : is there anything wrong with changing the group ownership of the backup files? If not then first I'll use the cron option but later I'll modify the code and publish a HowTo.

  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I don't think that it should be an issue as the scripts handling them are run as root.
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The only hooks are the mount/unmount scripts; you could likely chown or whatever you need in the unmount script for now.
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I suppose it's possible there is a server event as well that a plugin could tie in to; I'm not where I can conveniently check that right now.

Share This Page