Jump to content

Trying to make a backup script, need help with permissions


DoctorCox

Recommended Posts

Gentlemen,

 

I am trying to create a PHP script that will create then FTP to another server a GZIPped backup of our CMS database. It's a FreeBSD server running Apache and cPanel, but the same script will be deployed on a Linux server too should it prove successful.

 

The FTP stuff is easy, but where I have gotten stuck is getting the permissions right to allow mysqldump to output the file successfully. Before anyone replies, PHPSUEXEC is more than likely not a valid option for this operation. It introduces problems of it's own, and from what I have, will more than likely break the CMS I have developed. Only two sets of permissions and ownership will allow this script to work, and I would like the input of people more knowledgeable than myself on such matters on the potential risks of either approach.

 

- Obviously 0777 permissions is the first. But I have read and seen first hand the risks of doing this. However, if I use a directory that's outside of the Apache home directory, is there still a risk someone could use the directory to break in? Realistically, how could they know it was there anyway? The only way would be to break in and find the PHP backup script, in which case they have probably got in to the point where the consequences of a 0777 folder are relatively little.

- The next idea that worked was to chown the backup folder (which again is still outside of /home) to user nobody. To my inexperienced eye, this seems unlikely to have risks, or at least is the least risky of the two options.

 

I just had another idea that I shall try, and that is to upload the backup script as root to a folder outside of /home, but then I do not know if the cron tab will be allowed to run it, must check it.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.