From 5a01b6118e9b88089855dcdb9508214dc6c72f3d Mon Sep 17 00:00:00 2001 From: Dave Conroy Date: Wed, 1 Nov 2023 14:13:37 -0700 Subject: [PATCH] feat - make processes and files save as username dbbackup instead of root --- Dockerfile | 82 ++++++------ README.md | 113 ++++++++-------- install/assets/functions/10-db-backup | 177 ++++++++++++++------------ install/etc/cont-init.d/10-db-backup | 1 + 4 files changed, 199 insertions(+), 174 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9b7278d..79aaa10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,50 +19,53 @@ ENV INFLUX_VERSION=1.8.0 \ ### Dependencies RUN source /assets/functions/00-container && \ set -ex && \ + addgroup -S -g 10000 dbbackup && \ + adduser -S -D -H -u 10000 -G dbbackup -g "Tired of I.T! DB Backup" dbbackup && \ + \ package update && \ package upgrade && \ package install .db-backup-build-deps \ - build-base \ - bzip2-dev \ - cargo \ - git \ - go \ - libarchive-dev \ - openssl-dev \ - libffi-dev \ - python3-dev \ - py3-pip \ - xz-dev \ - && \ + build-base \ + bzip2-dev \ + cargo \ + git \ + go \ + libarchive-dev \ + openssl-dev \ + libffi-dev \ + python3-dev \ + py3-pip \ + xz-dev \ + && \ \ package install .db-backup-run-deps \ - bzip2 \ - groff \ - libarchive \ - mariadb-client \ - mariadb-connector-c \ - mongodb-tools \ - openssl \ - pigz \ - postgresql16 \ - postgresql16-client \ - pv \ - py3-botocore \ - py3-colorama \ - py3-cryptography \ - py3-docutils \ - py3-jmespath \ - py3-rsa \ - py3-setuptools \ - py3-s3transfer \ - py3-yaml \ - python3 \ - redis \ - sqlite \ - xz \ - zip \ - zstd \ - && \ + bzip2 \ + groff \ + libarchive \ + mariadb-client \ + mariadb-connector-c \ + mongodb-tools \ + openssl \ + pigz \ + postgresql16 \ + postgresql16-client \ + pv \ + py3-botocore \ + py3-colorama \ + py3-cryptography \ + py3-docutils \ + py3-jmespath \ + py3-rsa \ + py3-setuptools \ + py3-s3transfer \ + py3-yaml \ + python3 \ + redis \ + sqlite \ + xz \ + zip \ + zstd \ + && \ \ apkArch="$(uname -m)"; \ case "$apkArch" in \ @@ -106,5 +109,4 @@ RUN source /assets/functions/00-container && \ /tmp/* \ /usr/src/* - COPY install / diff --git a/README.md b/README.md index 5e408f1..f736563 100644 --- a/README.md +++ b/README.md @@ -35,41 +35,40 @@ Currently backs up CouchDB, InfluxDB, MySQL, Microsoft SQL, MongoDB, Postgres, R ## Table of Contents -- [github.com/tiredofit/docker-db-backup](#githubcomtiredofitdocker-db-backup) - - [About](#about) - - [Maintainer](#maintainer) - - [Table of Contents](#table-of-contents) - - [Prerequisites and Assumptions](#prerequisites-and-assumptions) - - [Installation](#installation) - - [Build from Source](#build-from-source) - - [Prebuilt Images](#prebuilt-images) - - [Multi Architecture](#multi-architecture) - - [Configuration](#configuration) - - [Quick Start](#quick-start) - - [Persistent Storage](#persistent-storage) - - [Environment Variables](#environment-variables) - - [Base Images used](#base-images-used) - - [Container Options](#container-options) - - [Database Specific Options](#database-specific-options) - - [For Influx DB2](#for-influx-db2) - - [Scheduling Options](#scheduling-options) - - [Backup Options](#backup-options) - - [Backing Up to S3 Compatible Services](#backing-up-to-s3-compatible-services) - - [Upload to a Azure storage account by `blobxfer`](#upload-to-a-azure-storage-account-by-blobxfer) - - [Maintenance](#maintenance) - - [Shell Access](#shell-access) - - [Manual Backups](#manual-backups) - - [Restoring Databases](#restoring-databases) - - [Custom Scripts](#custom-scripts) - - [Path Options](#path-options) - - [Pre Backup](#pre-backup) - - [Post backup](#post-backup) - - [Support](#support) - - [Usage](#usage) - - [Bugfixes](#bugfixes) - - [Feature Requests](#feature-requests) - - [Updates](#updates) - - [License](#license) +- [About](#about) +- [Maintainer](#maintainer) +- [Table of Contents](#table-of-contents) +- [Prerequisites and Assumptions](#prerequisites-and-assumptions) +- [Installation](#installation) + - [Build from Source](#build-from-source) + - [Prebuilt Images](#prebuilt-images) + - [Multi Architecture](#multi-architecture) +- [Configuration](#configuration) + - [Quick Start](#quick-start) + - [Persistent Storage](#persistent-storage) + - [Environment Variables](#environment-variables) + - [Base Images used](#base-images-used) + - [Container Options](#container-options) + - [Database Specific Options](#database-specific-options) + - [For Influx DB2](#for-influx-db2) + - [Scheduling Options](#scheduling-options) + - [Backup Options](#backup-options) + - [Backing Up to S3 Compatible Services](#backing-up-to-s3-compatible-services) + - [Upload to a Azure storage account by `blobxfer`](#upload-to-a-azure-storage-account-by-blobxfer) +- [Maintenance](#maintenance) + - [Shell Access](#shell-access) + - [Manual Backups](#manual-backups) + - [Restoring Databases](#restoring-databases) + - [Custom Scripts](#custom-scripts) + - [Path Options](#path-options) + - [Pre Backup](#pre-backup) + - [Post backup](#post-backup) +- [Support](#support) + - [Usage](#usage) + - [Bugfixes](#bugfixes) + - [Feature Requests](#feature-requests) + - [Updates](#updates) +- [License](#license) > **NOTE**: If you are using this with a docker-compose file along with a seperate SQL container, take care not to set the variables to backup immediately, more so have it delay execution for a minute, otherwise you will get a failed first backup. @@ -150,6 +149,8 @@ Be sure to view the following repositories to understand all the customizable op | `CREATE_LATEST_SYMLINK` | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE` | | `PRE_SCRIPT` | Fill this variable in with a command to execute pre backing up | | | `POST_SCRIPT` | Fill this variable in with a command to execute post backing up | | +| `USER_DBBACKUP` | The uid that the image should read and write files as (username is `dbbackup`) | `10000` | +| `GROUP_DBBACKUP` | The gid that the image should read and write files as (groupname is `dbbackup`) | `10000` | | `SPLIT_DB` | For each backup, create a new archive. `TRUE` or `FALSE` (MySQL and Postgresql Only) | `TRUE` | ### Database Specific Options @@ -189,27 +190,27 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b ### Backup Options -| Parameter | Description | Default | `_FILE` | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ------- | -| `COMPRESSION` | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE` | `ZSTD` | | -| `COMPRESSION_LEVEL` | Numerical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` - | `3` | | -| `ENABLE_PARALLEL_COMPRESSION` | Use multiple cores when compressing backups `TRUE` or `FALSE` | `TRUE` | | -| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8` | `autodetected` | | -| `GZ_RSYNCABLE` | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. `TRUE` | `FALSE` | | -| `ENABLE_CHECKSUM` | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE` | `TRUE` | | -| `CHECKSUM` | Either `MD5` or `SHA1` | `MD5` | | -| `EXTRA_OPTS` | If you need to pass extra arguments to the backup and database enumeration command, add them here e.g. `--extra-command` | | | -| `EXTRA_DUMP_OPTS` | If you need to pass extra arguments to the backup command only, add them here e.g. `--extra-command` | | | -| `EXTRA_ENUMERATION_OPTS` | If you need to pass extra arguments to the database enumeration command only, add them here e.g. `--extra-command` | | | -| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` | | -| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` | | -| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` | | -| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` | | -| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` | | -| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` | | -| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` | x | -| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | | x | -| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | | x | +| Parameter | Description | Default | `_FILE` | +| ------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ------- | +| `COMPRESSION` | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE` | `ZSTD` | | +| `COMPRESSION_LEVEL` | Numerical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` - | `3` | | +| `ENABLE_PARALLEL_COMPRESSION` | Use multiple cores when compressing backups `TRUE` or `FALSE` | `TRUE` | | +| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8` | `autodetected` | | +| `GZ_RSYNCABLE` | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. `TRUE` | `FALSE` | | +| `ENABLE_CHECKSUM` | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE` | `TRUE` | | +| `CHECKSUM` | Either `MD5` or `SHA1` | `MD5` | | +| `EXTRA_OPTS` | If you need to pass extra arguments to the backup and database enumeration command, add them here e.g. `--extra-command` | | | +| `EXTRA_DUMP_OPTS` | If you need to pass extra arguments to the backup command only, add them here e.g. `--extra-command` | | | +| `EXTRA_ENUMERATION_OPTS` | If you need to pass extra arguments to the database enumeration command only, add them here e.g. `--extra-command` | | | +| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` | | +| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` | | +| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` | | +| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` | | +| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` | | +| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` | | +| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` | x | +| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | | x | +| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | | x | - When using compression with MongoDB, only `GZ` compression is possible. diff --git a/install/assets/functions/10-db-backup b/install/assets/functions/10-db-backup index afd0af8..5543ef2 100644 --- a/install/assets/functions/10-db-backup +++ b/install/assets/functions/10-db-backup @@ -1,5 +1,21 @@ #!/command/with-contenv bash +bootstrap_filesystem() { + if [ ! -d "${DB_DUMP_TARGET}" ]; then + mkdir -p "${DB_DUMP_TARGET}" + fi + if [ "$(stat -c %U "${DB_DUMP_TARGET}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${DB_DUMP_TARGET}" ; fi + + if [ -d "${DB_DUMP_TARGET_ARCHIVE}" ]; then + if [ "$(stat -c %U "${DB_DUMP_TARGET_ARCHIVE}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${DB_DUMP_TARGET_ARCHIVE}" ; fi + fi + + if [ ! -d "${TEMP_LOCATION}" ]; then + mkdir -p "${TEMP_LOCATION}" + fi + if [ "$(stat -c %U "${TEMP_LOCATION}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${TEMP_LOCATION}" ; fi +} + bootstrap_variables() { sanity_var DB_TYPE "Set appropriate DB_TYPE" transform_file_var \ @@ -132,7 +148,7 @@ backup_couch() { compression pre_dbbackup ${DB_NAME} print_notice "Dumping CouchDB database: '${DB_NAME}' ${compression_string}" - curl -sSL -X GET ${DB_HOST}:${DB_PORT}/${DB_NAME}/_all_docs?include_docs=true ${compress_cmd} | $compress_cmd > "${TEMP_LOCATION}"/"${target}" + run_as_user curl -sSL -X GET ${DB_HOST}:${DB_PORT}/${DB_NAME}/_all_docs?include_docs=true | ${compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target}" > /dev/null exit_code=$? check_exit_code backup $target generate_checksum @@ -159,11 +175,11 @@ backup_influx() { compression pre_dbbackup $db print_notice "Dumping Influx database: '${db}'" - influxd backup ${influx_compression} ${bucket} -portable -host ${DB_HOST}:${DB_PORT} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} "${TEMP_LOCATION}"/"${target_dir}" + run_as_user influxd backup ${influx_compression} ${bucket} -portable -host ${DB_HOST}:${DB_PORT} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} "${TEMP_LOCATION}"/"${target_dir}" exit_code=$? check_exit_code backup $target_dir print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}" - tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}" + run_as_user tar cf - "${TEMP_LOCATION}"/"${target_dir}" | ${dir_compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}" > /dev/null target=influx_${db}_${DB_HOST#*//}_${now}.tar${extension} ltarget=influx_${db}_${DB_HOST#*//} generate_checksum @@ -181,7 +197,7 @@ backup_influx() { compression pre_dbbackup $db print_notice "Dumping Influx2 database: '${db}'" - influx backup --org ${DB_USER} ${bucket} --host ${DB_HOST}:${DB_PORT} --token ${DB_PASS} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} --compression none "${TEMP_LOCATION}"/"${target_dir}" + run_as_user influx backup --org ${DB_USER} ${bucket} --host ${DB_HOST}:${DB_PORT} --token ${DB_PASS} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} --compression none "${TEMP_LOCATION}"/"${target_dir}" exit_code=$? check_exit_code backup $target_dir create_archive @@ -214,7 +230,7 @@ backup_mongo() { fi pre_dbbackup "${DB_NAME}" print_notice "Dumping MongoDB database: '${DB_NAME}' ${compression_string}" - silent mongodump --archive=${TEMP_LOCATION}/${target} ${mongo_compression} ${mongo_backup_parameter} + silent run_as_user mongodump --archive=${TEMP_LOCATION}/${target} ${mongo_compression} ${mongo_backup_parameter} exit_code=$? check_exit_code backup $target generate_checksum @@ -230,7 +246,7 @@ backup_mssql() { compression pre_dbbackup "${DB_NAME}" print_notice "Dumping MSSQL database: '${DB_NAME}'" - silent /opt/mssql-tools18/bin/sqlcmd -C -S ${DB_HOST}\,${DB_PORT} -U ${DB_USER} -P ${DB_PASS} -Q "BACKUP DATABASE [${DB_NAME}] TO DISK = N'${TEMP_LOCATION}/${target}' WITH NOFORMAT, NOINIT, NAME = '${DB_NAME}-full', SKIP, NOREWIND, NOUNLOAD, STATS = 10" + silent run_as_user /opt/mssql-tools18/bin/sqlcmd -C -S ${DB_HOST}\,${DB_PORT} -U ${DB_USER} -P ${DB_PASS} -Q "BACKUP DATABASE [${DB_NAME}] TO DISK = N'${TEMP_LOCATION}/${target}' WITH NOFORMAT, NOINIT, NAME = '${DB_NAME}-full', SKIP, NOREWIND, NOUNLOAD, STATS = 10" exit_code=$? check_exit_code backup $target generate_checksum @@ -249,7 +265,7 @@ backup_mysql() { if [ "${DB_NAME,,}" = "all" ] ; then print_debug "Preparing to back up everything except for information_schema and _* prefixes" - db_names=$(mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_ENUMERATION_OPTS} --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema ) + db_names=$(run_as_user mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_ENUMERATION_OPTS} --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema ) if [ -n "${DB_NAME_EXCLUDE}" ] ; then db_names_exclusions=$(echo "${DB_NAME_EXCLUDE}" | tr ',' '\n') for db_exclude in ${db_names_exclusions} ; do @@ -271,7 +287,7 @@ backup_mysql() { compression pre_dbbackup $db print_notice "Dumping MySQL/MariaDB database: '${db}' ${compression_string}" - mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} $db | $compress_cmd > "${TEMP_LOCATION}"/"${target}" + run_as_user mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} $db | ${compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target}" > /dev/null exit_code=$? check_exit_code backup $target generate_checksum @@ -287,7 +303,7 @@ backup_mysql() { compression pre_dbbackup all print_notice "Dumping all MySQL / MariaDB databases: '$(echo ${db_names} | xargs | tr ' ' ',')' ${compression_string}" - mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} --databases $(echo ${db_names} | xargs) | $compress_cmd > "${TEMP_LOCATION}"/"${target}" + run_as_user mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} --databases $(echo ${db_names} | xargs) | ${compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target}" > /dev/null exit_code=$? check_exit_code backup $target generate_checksum @@ -306,7 +322,7 @@ backup_pgsql() { fi if [ "${DB_NAME,,}" = "all" ] ; then print_debug "Preparing to back up all databases" - db_names=$(psql -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} -d ${authdb} -c 'COPY (SELECT datname FROM pg_database WHERE datistemplate = false) TO STDOUT;' ) + db_names=$(run_as_user psql -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} -d ${authdb} -c 'COPY (SELECT datname FROM pg_database WHERE datistemplate = false) TO STDOUT;' ) if [ -n "${DB_NAME_EXCLUDE}" ] ; then db_names_exclusions=$(echo "${DB_NAME_EXCLUDE}" | tr ',' '\n') for db_exclude in ${db_names_exclusions} ; do @@ -328,7 +344,7 @@ backup_pgsql() { compression pre_dbbackup $db print_notice "Dumping PostgresSQL database: '${db}' ${compression_string}" - pg_dump -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} $db ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target} + run_as_user pg_dump -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} $db ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} | ${compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target}" > /dev/null exit_code=$? check_exit_code backup $target generate_checksum @@ -344,7 +360,7 @@ backup_pgsql() { compression pre_dbbackup all print_notice "Dumping all PostgreSQL databases: '$(echo ${db_names} | xargs | tr ' ' ',')' ${compression_string}" - tmp_db_names=$(psql -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} -d ${authdb} -c 'COPY (SELECT datname FROM pg_database WHERE datistemplate = false) TO STDOUT;' ) + tmp_db_names=$(run_as_user psql -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} -d ${authdb} -c 'COPY (SELECT datname FROM pg_database WHERE datistemplate = false) TO STDOUT;' ) for r_db_name in $(echo $db_names | xargs); do tmp_db_names=$(echo "$tmp_db_names" | xargs | sed "s|${r_db_name}||g" ) done @@ -352,7 +368,7 @@ backup_pgsql() { for x_db_name in ${tmp_db_names} ; do pgexclude_arg=$(echo ${pgexclude_arg} --exclude-database=${x_db_name}) done - pg_dumpall -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} ${pgexclude_arg} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} | $compress_cmd > ${TEMP_LOCATION}/${target} + run_as_user pg_dumpall -h ${DB_HOST} -U ${DB_USER} -p ${DB_PORT} ${pgexclude_arg} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} | ${compress_cmd} | run_as_user tee "${TEMP_LOCATION}"/"${target}" > /dev/null exit_code=$? check_exit_code backup $target generate_checksum @@ -367,7 +383,7 @@ backup_redis() { print_notice "Dumping Redis - Flushing Redis Cache First" target=redis_all_${DB_HOST,,}_${now}.rdb ltarget=redis_${DB_HOST,,} - echo bgsave | silent redis-cli -h ${DB_HOST} -p ${DB_PORT} ${REDIS_PASS_STR} --rdb ${TEMP_LOCATION}/${target} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} + echo bgsave | silent run_as_user redis-cli -h ${DB_HOST} -p ${DB_PORT} ${REDIS_PASS_STR} --rdb ${TEMP_LOCATION}/${target} ${EXTRA_OPTS} ${EXTRA_DUMP_OPTS} sleep 10 try=5 while [ $try -gt 0 ] ; do @@ -385,7 +401,7 @@ backup_redis() { target_original=${target} compression pre_dbbackup all - $compress_cmd "${TEMP_LOCATION}/${target_original}" + run_as_user ${compress_cmd} "${TEMP_LOCATION}/${target_original}" check_exit_code backup $target generate_checksum move_dbbackup @@ -402,10 +418,10 @@ backup_sqlite3() { compression pre_dbbackup $db print_notice "Dumping sqlite3 database: '${DB_HOST}' ${compression_string}" - silent sqlite3 "${DB_HOST}" ".backup '${TEMP_LOCATION}/backup.sqlite3'" + silent run_as_user sqlite3 "${DB_HOST}" ".backup '${TEMP_LOCATION}/backup.sqlite3'" exit_code=$? check_exit_code backup $target - cat "${TEMP_LOCATION}"/backup.sqlite3 | ${dir_compress_cmd} > "${TEMP_LOCATION}/${target}" + run_as_user cat "${TEMP_LOCATION}"/backup.sqlite3 | ${dir_compress_cmd} | run_as_user tee "${TEMP_LOCATION}/${target}" > /dev/null generate_checksum move_dbbackup check_exit_code move $target @@ -420,7 +436,7 @@ check_availability() { counter=0 code_received=0 while [ "${code_received}" != "200" ]; do - code_received=$(curl -XGET -sSL -o /dev/null -L -w ''%{http_code}'' ${DB_HOST}:${DB_PORT}) + code_received=$(run_as_user curl -XGET -sSL -o /dev/null -L -w ''%{http_code}'' ${DB_HOST}:${DB_PORT}) if [ "${code_received}" = "200" ] ; then break ; fi sleep 5 (( counter+=5 )) @@ -431,7 +447,7 @@ check_availability() { counter=0 case "${INFLUX_VERSION,,}" in 1 ) - while ! (nc -z ${DB_HOST#*//} ${DB_PORT}) ; do + while ! (run_as_user nc -z ${DB_HOST#*//} ${DB_PORT}) ; do sleep 5 (( counter+=5 )) print_warn "InfluxDB Host '${DB_HOST#*//}' is not accessible, retrying.. ($counter seconds so far)" @@ -440,7 +456,7 @@ check_availability() { 2 ) code_received=0 while [ "${code_received}" != "200" ]; do - code_received=$(curl -XGET -sSL -o /dev/null -w ''%{http_code}'' ${DB_HOST}:${DB_PORT}/health) + code_received=$(run_as_user curl -XGET -sSL -o /dev/null -w ''%{http_code}'' ${DB_HOST}:${DB_PORT}/health) if [ "${code_received}" = "200" ] ; then break ; fi sleep 5 (( counter+=5 )) @@ -454,7 +470,7 @@ check_availability() { print_debug "Skipping Connectivity Check" else counter=0 - while ! (nc -z ${DB_HOST} ${DB_PORT}) ; do + while ! (run_as_user nc -z ${DB_HOST} ${DB_PORT}) ; do sleep 5 (( counter+=5 )) print_warn "Mongo Host '${DB_HOST}' is not accessible, retrying.. ($counter seconds so far)" @@ -465,7 +481,7 @@ check_availability() { counter=0 transform_file_var DB_PASS export MYSQL_PWD=${DB_PASS} - while ! (mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" ${mysql_tls_args} status > /dev/null 2>&1) ; do + while ! (run_as_user mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" ${mysql_tls_args} status > /dev/null 2>&1) ; do sleep 5 (( counter+=5 )) print_warn "MySQL/MariaDB Server '${DB_HOST}' is not accessible, retrying.. (${counter} seconds so far)" @@ -473,7 +489,7 @@ check_availability() { ;; "mssql" ) counter=0 - while ! (nc -z ${DB_HOST} ${DB_PORT}) ; do + while ! (run_as_user nc -z ${DB_HOST} ${DB_PORT}) ; do sleep 5 (( counter+=5 )) print_warn "MSSQL Host '${DB_HOST}' is not accessible, retrying.. ($counter seconds so far)" @@ -481,7 +497,7 @@ check_availability() { ;; "pgsql" ) counter=0 - until pg_isready --host=${DB_HOST} --port=${DB_PORT} -q + until run_as_user pg_isready --host=${DB_HOST} --port=${DB_PORT} -q do sleep 5 (( counter+=5 )) @@ -490,7 +506,7 @@ check_availability() { ;; "redis" ) counter=0 - while ! (nc -z "${DB_HOST}" "${DB_PORT}") ; do + while ! (run_as_user nc -z "${DB_HOST}" "${DB_PORT}") ; do sleep 5 (( counter+=5 )) print_warn "Redis Host '${DB_HOST}' is not accessible, retrying.. ($counter seconds so far)" @@ -549,19 +565,19 @@ cleanup_old_data() { case "${BACKUP_LOCATION,,}" in "blobxfer" ) print_info "Cleaning up old backups on filesystem" - mkdir -p "${DB_DUMP_TARGET}" - find "${DB_DUMP_TARGET}"/ -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \; + run_as_user mkdir -p "${DB_DUMP_TARGET}" + find "${DB_DUMP_TARGET}"/ -type f -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm -f {} \; print_info "Syncing changes via blobxfer" - silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only + silent run_as_user blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only ;; "file" | "filesystem" ) print_info "Cleaning up old backups on filesystem" - mkdir -p "${DB_DUMP_TARGET}" - find "${DB_DUMP_TARGET}"/ -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \; + run_as_user mkdir -p "${DB_DUMP_TARGET}" + run_as_user find "${DB_DUMP_TARGET}"/ -type f -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm -f {} \; ;; "s3" | "minio" ) print_info "Cleaning up old backups on S3 storage" - aws ${PARAM_AWS_ENDPOINT_URL} s3 ls s3://${S3_BUCKET}/${S3_PATH}/ ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} | grep " DIR " -v | grep " PRE " -v | while read -r s3_file; do + run_as_user aws ${PARAM_AWS_ENDPOINT_URL} s3 ls s3://${S3_BUCKET}/${S3_PATH}/ ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} | grep " DIR " -v | grep " PRE " -v | while read -r s3_file; do s3_createdate=$(echo $s3_file | awk {'print $1" "$2'}) s3_createdate=$(date -d "$s3_createdate" "+%s") s3_olderthan=$(echo $(( $(date +%s)-${DB_CLEANUP_TIME}*60 ))) @@ -569,7 +585,7 @@ cleanup_old_data() { s3_filename=$(echo $s3_file | awk {'print $4'}) if [ "$s3_filename" != "" ] ; then print_debug "Deleting $s3_filename" - aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}/${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} + run_as_user aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}/${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} fi fi @@ -582,7 +598,6 @@ cleanup_old_data() { fi } - compression() { if var_false "${ENABLE_PARALLEL_COMPRESSION}" ; then PARALLEL_COMPRESSION_THREADS=1 @@ -652,7 +667,7 @@ compression() { create_archive() { if [ "${exit_code}" = "0" ] ; then print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}" - tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}" + run_as_user tar cf - "${TEMP_LOCATION}"/"${target_dir}" | ${dir_compress_cmd} > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}" else print_error "Skipping creating archive file because backup did not complete successfully" fi @@ -674,8 +689,9 @@ generate_checksum() { print_notice "Generating ${checksum_extension^^} for '${target}'" cd "${TEMP_LOCATION}" - ${checksum_command} "${target}" > "${target}"."${checksum_extension}" - checksum_value=$(${checksum_command} "${target}" | awk ' { print $1}') + run_as_user ${checksum_command} "${target}" | run_as_user tee "${target}"."${checksum_extension}" > /dev/null + ## TODO - We're doing this twice, why not just pull from the previously generated file + checksum_value=$(run_as_user ${checksum_command} "${target}" | awk ' { print $1}') print_debug "${checksum_extension^^}: ${checksum_value} - ${target}" else print_error "Skipping Checksum creation because backup did not complete successfully" @@ -685,8 +701,8 @@ generate_checksum() { move_dbbackup() { if [ "${exit_code}" = "0" ] ; then - dbbackup_size="$(stat -c%s "${TEMP_LOCATION}"/"${target}")" - dbbackup_date="$(date -r "${TEMP_LOCATION}"/"${target}" +'%s')" + dbbackup_size="$(run_as_user stat -c%s "${TEMP_LOCATION}"/"${target}")" + dbbackup_date="$(run_as_user date -r "${TEMP_LOCATION}"/"${target}" +'%s')" case "${SIZE_VALUE,,}" in "b" | "bytes" ) @@ -700,26 +716,26 @@ move_dbbackup() { ;; esac if [ "$SIZE_VALUE" = "1" ] ; then - filesize=$(stat -c%s "${TEMP_LOCATION}"/"${target}") + filesize=$(run_as_user stat -c%s "${TEMP_LOCATION}"/"${target}") print_notice "Backup of ${target} created with the size of ${filesize} bytes" else - filesize=$(du -h "${TEMP_LOCATION}"/"${target}" | awk '{ print $1}') + filesize=$(run_as_user du -h "${TEMP_LOCATION}"/"${target}" | awk '{ print $1}') print_notice "Backup of ${target} created with the size of ${filesize}" fi case "${BACKUP_LOCATION,,}" in "file" | "filesystem" ) print_debug "Moving backup to filesystem" - mkdir -p "${DB_DUMP_TARGET}" - if var_true "${ENABLE_CHECKSUM}" ; then mv "${TEMP_LOCATION}"/*."${checksum_extension}" "${DB_DUMP_TARGET}"/ ; fi - mv "${TEMP_LOCATION}"/"${target}" "${DB_DUMP_TARGET}"/"${target}" + run_as_user mkdir -p "${DB_DUMP_TARGET}" + if var_true "${ENABLE_CHECKSUM}" ; then run_as_user mv "${TEMP_LOCATION}"/*."${checksum_extension}" "${DB_DUMP_TARGET}"/ ; fi + run_as_user mv "${TEMP_LOCATION}"/"${target}" "${DB_DUMP_TARGET}"/"${target}" move_exit_code=$? if var_true "${CREATE_LATEST_SYMLINK}" ; then - ln -sf "${DB_DUMP_TARGET}"/"${target}" "${DB_DUMP_TARGET}"/latest-"${ltarget}" + run_as_user ln -sf "${DB_DUMP_TARGET}"/"${target}" "${DB_DUMP_TARGET}"/latest-"${ltarget}" fi if [ -n "${DB_ARCHIVE_TIME}" ] ; then - mkdir -p "${DB_DUMP_TARGET_ARCHIVE}" - find "${DB_DUMP_TARGET}"/ -maxdepth 1 -mmin +"${DB_ARCHIVE_TIME}" -iname "*" -exec mv {} "${DB_DUMP_TARGET_ARCHIVE}" \; + run_as_user mkdir -p "${DB_DUMP_TARGET_ARCHIVE}" + run_as_user find "${DB_DUMP_TARGET}"/ -type f -maxdepth 1 -mmin +"${DB_ARCHIVE_TIME}" -iname "*" -exec mv {} "${DB_DUMP_TARGET_ARCHIVE}" \; fi ;; "s3" | "minio" ) @@ -745,39 +761,39 @@ move_dbbackup() { silent aws ${PARAM_AWS_ENDPOINT_URL} s3 cp ${TEMP_LOCATION}/${target} s3://${S3_BUCKET}/${S3_PATH}/${target} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} move_exit_code=$? if var_true "${ENABLE_CHECKSUM}" ; then - silent aws ${PARAM_AWS_ENDPOINT_URL} s3 cp ${TEMP_LOCATION}/*.${checksum_extension} s3://${S3_BUCKET}/${S3_PATH}/ ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} + silent run_as_user aws ${PARAM_AWS_ENDPOINT_URL} s3 cp ${TEMP_LOCATION}/*.${checksum_extension} s3://${S3_BUCKET}/${S3_PATH}/ ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS} fi - if var_true "${ENABLE_CHECKSUM}" ; then rm -rf "${TEMP_LOCATION}"/*."${checksum_extension}"; fi - rm -rf "${TEMP_LOCATION}"/"${target}" + if var_true "${ENABLE_CHECKSUM}" ; then run_as_user rm -rf "${TEMP_LOCATION}"/*."${checksum_extension}"; fi + run_as_user rm -rf "${TEMP_LOCATION}"/"${target}" ;; "blobxfer" ) print_info "Moving backup to external storage with blobxfer" mkdir -p "${DB_DUMP_TARGET}" - if var_true "${ENABLE_CHECKSUM}" ; then mv "${TEMP_LOCATION}"/*."${checksum_extension}" "${DB_DUMP_TARGET}"/; fi + if var_true "${ENABLE_CHECKSUM}" ; then run_as_user mv "${TEMP_LOCATION}"/*."${checksum_extension}" "${DB_DUMP_TARGET}"/; fi - mv "${TEMP_LOCATION}"/"${target}" "${DB_DUMP_TARGET}"/"${target}" + run_as_user mv "${TEMP_LOCATION}"/"${target}" "${DB_DUMP_TARGET}"/"${target}" - silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} + silent run_as_user blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} move_exit_code=$? - if var_true "${ENABLE_CHECKSUM}" ; then rm -rf "${TEMP_LOCATION}"/*."${checksum_extension}" ; fi - rm -rf "${TEMP_LOCATION}"/"${target}" + if var_true "${ENABLE_CHECKSUM}" ; then run_as_user rm -rf "${TEMP_LOCATION}"/*."${checksum_extension}" ; fi + run_as_user rm -rf "${TEMP_LOCATION}"/"${target}" ;; esac else print_error "Skipping moving DB Backup to final location because backup did not complete successfully" fi - rm -rf "${TEMP_LOCATION}"/* + run_as_user rm -rf "${TEMP_LOCATION}"/* } prepare_dbbackup() { - dbbackup_start_time=$(date +"%s") - now=$(date +"%Y%m%d-%H%M%S") - now_time=$(date +"%H:%M:%S") - now_date=$(date +"%Y-%m-%d") + dbbackup_start_time=$(run_as_user date +"%s") + now=$(run_as_user date +"%Y%m%d-%H%M%S") + now_time=$(run_as_user date +"%H:%M:%S") + now_date=$(run_as_user date +"%Y-%m-%d") ltarget=${dbtype}_${DB_NAME,,}_${DB_HOST,,} target=${dbtype}_${DB_NAME,,}_${DB_HOST,,}_${now}.sql } @@ -786,11 +802,11 @@ pre_dbbackup() { ### Pre Script Support if [ -n "${PRE_SCRIPT}" ] ; then if var_true "${PRE_SCRIPT_SKIP_X_VERIFY}" ; then - eval "${PRE_SCRIPT}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" + run_as_user eval "${PRE_SCRIPT}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" else if [ -x "${PRE_SCRIPT}" ] ; then print_notice "Found PRE_SCRIPT environment variable. Executing '${PRE_SCRIPT}" - eval "${PRE_SCRIPT}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" + run_as_user eval "${PRE_SCRIPT}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" else print_error "Can't execute PRE_SCRIPT environment variable '${PRE_SCRIPT}' as its filesystem bit is not executible!" fi @@ -800,19 +816,19 @@ pre_dbbackup() { ### Pre Backup Custom Script Support if [ -d "/assets/custom-scripts/pre" ] && dir_notempty "/assets/custom-scripts/pre" ; then print_warning "Found Custom Post Scripts in /assets/custom-scripts/pre - Automatically moving them to '${SCRIPT_LOCATION_PRE}'" - mkdir -p "${SCRIPT_LOCATION_PRE}" - silent cp /assets/custom-scripts/pre/* "${SCRIPT_LOCATION_PRE}" + run_as_user mkdir -p "${SCRIPT_LOCATION_PRE}" + silent run_as_user cp /assets/custom-scripts/pre/* "${SCRIPT_LOCATION_PRE}" fi if [ -d "${SCRIPT_LOCATION_PRE}" ] && dir_notempty "${SCRIPT_LOCATION_PRE}" ; then for f in $(find ${SCRIPT_LOCATION_PRE} -name \*.sh -type f); do if var_true "${PRE_SCRIPT_SKIP_X_VERIFY}" ; then - ${f} "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" + run_as_user ${f} "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" else if [ -x "${f}" ] ; then print_notice "Executing pre backup custom script : '${f}'" ## script DB_TYPE DB_HOST DB_NAME STARTEPOCH BACKUP_FILENAME - ${f} "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" + run_as_user ${f} "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${target}" else print_error "Can't run pre backup custom script: '${f}' as its filesystem bit is not executible!" fi @@ -822,26 +838,27 @@ pre_dbbackup() { } post_dbbackup() { - dbbackup_finish_time=$(date +"%s") - dbbackup_total_time=$(echo $((dbbackup_finish_time-dbbackup_start_time))) + dbbackup_finish_time=$(run_as_user date +"%s") + dbbackup_total_time=$(run_as_user echo $((dbbackup_finish_time-dbbackup_start_time))) if var_true "${CONTAINER_ENABLE_MONITORING}" ; then print_notice "Sending Backup Statistics to Zabbix" - silent zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.size -o "${dbbackup_size}" - silent zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.datetime -o "${dbbackup_date}" - silent zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.status -o "${exit_code}" - silent zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.backup_duration -o "$(echo $((dbbackup_finish_time-dbbackup_start_time)))" + ## TODO - Optimize this into one command + silent run_as_user zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.size -o "${dbbackup_size}" + silent run_as_user zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.datetime -o "${dbbackup_date}" + silent run_as_user zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.status -o "${exit_code}" + silent run_as_user zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k dbbackup.backup_duration -o "$(echo $((dbbackup_finish_time-dbbackup_start_time)))" if [ "$?" != "0" ] ; then print_error "Error sending statistics, consider disabling with 'CONTAINER_ENABLE_MONITORING=FALSE'" ; fi fi ### Post Script Support if [ -n "${POST_SCRIPT}" ] ; then if var_true "${POST_SCRIPT_SKIP_X_VERIFY}" ; then - eval "${POST_SCRIPT}" "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" + run_as_user eval "${POST_SCRIPT}" "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" else if [ -x "${POST_SCRIPT}" ] ; then print_notice "Found POST_SCRIPT environment variable. Executing '${POST_SCRIPT}" - eval "${POST_SCRIPT}" "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" + run_as_user eval "${POST_SCRIPT}" "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" else print_error "Can't execute POST_SCRIPT environment variable '${POST_SCRIPT}' as its filesystem bit is not executible!" fi @@ -851,19 +868,19 @@ post_dbbackup() { ### Post Backup Custom Script Support if [ -d "/assets/custom-scripts/" ] && dir_notempty "/assets/custom-scripts" ; then print_warning "Found Custom Post Scripts in /assets/custom-scripts/ - Automatically moving them to '${SCRIPT_LOCATION_POST}'" - mkdir -p "${SCRIPT_LOCATION_POST}" - silent cp /assets/custom-scripts/* "${SCRIPT_LOCATION_POST}" + run_as_user mkdir -p "${SCRIPT_LOCATION_POST}" + silent run_as_user cp /assets/custom-scripts/* "${SCRIPT_LOCATION_POST}" fi if [ -d "${SCRIPT_LOCATION_POST}" ] && dir_notempty "${SCRIPT_LOCATION_POST}" ; then - for f in $(find ${SCRIPT_LOCATION_POST} -name \*.sh -type f); do + for f in $(run_as_user find ${SCRIPT_LOCATION_POST} -name \*.sh -type f); do if var_true "${POST_SCRIPT_SKIP_X_VERIFY}" ; then - ${f} "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" + run_as_user ${f} "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" else if [ -x "${f}" ] ; then print_notice "Executing post backup custom script : '${f}'" ## script EXIT_CODE DB_TYPE DB_HOST DB_NAME STARTEPOCH FINISHEPOCH DURATIONEPOCH BACKUP_FILENAME FILESIZE CHECKSUMVALUE - ${f} "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" + run_as_user ${f} "${exit_code}" "${dbtype}" "${DB_HOST}" "${1}" "${dbbackup_start_time}" "${dbbackup_finish_time}" "${dbbackup_total_time}" "${target}" "${filesize}" "${checksum_value}" "${move_exit_code}" else print_error "Can't run post backup custom script: '${f}' as its filesystem bit is not executible!" fi @@ -876,6 +893,10 @@ post_dbbackup() { unset s3_ca_cert } +run_as_user() { + s6-setuidgid dbbackup $@ +} + sanity_test() { sanity_var DB_TYPE "Database Type" sanity_var DB_HOST "Database Host" diff --git a/install/etc/cont-init.d/10-db-backup b/install/etc/cont-init.d/10-db-backup index 46a75d4..4e854dd 100755 --- a/install/etc/cont-init.d/10-db-backup +++ b/install/etc/cont-init.d/10-db-backup @@ -6,6 +6,7 @@ prepare_service 03-monitoring PROCESS_NAME="db-backup" output_off +bootstrap_filesystem bootstrap_variables sanity_test setup_mode