DoctorCox Posted May 5, 2008 Share Posted May 5, 2008 Gentlemen, I am trying to create a PHP script that will create then FTP to another server a GZIPped backup of our CMS database. It's a FreeBSD server running Apache and cPanel, but the same script will be deployed on a Linux server too should it prove successful. The FTP stuff is easy, but where I have gotten stuck is getting the permissions right to allow mysqldump to output the file successfully. Before anyone replies, PHPSUEXEC is more than likely not a valid option for this operation. It introduces problems of it's own, and from what I have, will more than likely break the CMS I have developed. Only two sets of permissions and ownership will allow this script to work, and I would like the input of people more knowledgeable than myself on such matters on the potential risks of either approach. - Obviously 0777 permissions is the first. But I have read and seen first hand the risks of doing this. However, if I use a directory that's outside of the Apache home directory, is there still a risk someone could use the directory to break in? Realistically, how could they know it was there anyway? The only way would be to break in and find the PHP backup script, in which case they have probably got in to the point where the consequences of a 0777 folder are relatively little. - The next idea that worked was to chown the backup folder (which again is still outside of /home) to user nobody. To my inexperienced eye, this seems unlikely to have risks, or at least is the least risky of the two options. I just had another idea that I shall try, and that is to upload the backup script as root to a folder outside of /home, but then I do not know if the cron tab will be allowed to run it, must check it. Quote Link to comment Share on other sites More sharing options...
DoctorCox Posted May 5, 2008 Author Share Posted May 5, 2008 No, my last idea did not work. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.