- Joined
- Feb 27, 2003
- Messages
- 8,469
Hello,
1) I've had a thought which may work as a good all-round solution to solve everything.
If we run tar as "user:apache", instead of "user:user", that would satisfy the backup creation. It would also limit the security issue much less than it was before. I'd have an option to shut it off, but based on the current response, it will have to be on by default. Since the backup must see the apache files, the only 2 process IDs that can see them are apache, and root, hence that's currently the top solution in my mind. Having DA run through all files before each backup isn't a great option in my mind, but I don't mind coding it if it would offer a better solution (in a manner I'm not seeing).
Note, I'll leave the file-checker running at update time, and available to be run at anytime, since it's a good way to check the state of things.
2) Another option is to leave the current backup system as is, and have a pre-check to run through everything to chmod to 755 or 644 if it's apache 600, etc.. This issue with that is if a file is created after the check, and before the backup. This method would also increase the system load when backups are created due to the pre-checks.
3) or.. go to the old backup system with higher backup rights, and again have a pre-check but only for dangerous files. This one is riskier, but will have fewer errors. The risk is again the delay after the check, before the backup is created. Also, it doesn't rely on unix security, it would put all faith in the pre-check, which may not account for future/unforseen issues.
4) Probably something that's going to end up happening regardless, since everyone has a different opinion on this.. options for all of the above in the directadmin.conf. This allows for all levels of tastes to be satisfied, since each method has pros and cons. If this is the decided method (all of them), then the issue then falls down to what the default should be, as this is what 95% people would likely be using. Security vs Functionality.
Comments welcome.
John
1) I've had a thought which may work as a good all-round solution to solve everything.
If we run tar as "user:apache", instead of "user:user", that would satisfy the backup creation. It would also limit the security issue much less than it was before. I'd have an option to shut it off, but based on the current response, it will have to be on by default. Since the backup must see the apache files, the only 2 process IDs that can see them are apache, and root, hence that's currently the top solution in my mind. Having DA run through all files before each backup isn't a great option in my mind, but I don't mind coding it if it would offer a better solution (in a manner I'm not seeing).
Note, I'll leave the file-checker running at update time, and available to be run at anytime, since it's a good way to check the state of things.
2) Another option is to leave the current backup system as is, and have a pre-check to run through everything to chmod to 755 or 644 if it's apache 600, etc.. This issue with that is if a file is created after the check, and before the backup. This method would also increase the system load when backups are created due to the pre-checks.
3) or.. go to the old backup system with higher backup rights, and again have a pre-check but only for dangerous files. This one is riskier, but will have fewer errors. The risk is again the delay after the check, before the backup is created. Also, it doesn't rely on unix security, it would put all faith in the pre-check, which may not account for future/unforseen issues.
4) Probably something that's going to end up happening regardless, since everyone has a different opinion on this.. options for all of the above in the directadmin.conf. This allows for all levels of tastes to be satisfied, since each method has pros and cons. If this is the decided method (all of them), then the issue then falls down to what the default should be, as this is what 95% people would likely be using. Security vs Functionality.
Comments welcome.
John
