Backup Script, how can I make it better/secure?


#1

I made a backup script to backup a domain, a sub-domain, and a MySQL DB. The domain is standard HTML/Flash, the subdomain is a Magento Store, and the DB is the Magento DB. Here is what the script looks like:

[quote]#!/bin/sh

5/19/09

backup.domain.com.sh

Backup /domain.com & /store.domain.com & mysql.domain.com

TODAYSDATE="$(date +"%Y%m%d")“
DOTCOMSOURCE=”/home/user/domain.com"
DOTCOMDESTINATION="/home/user/BACKUPS/$TODAYSDATE/domain.com-BACKUP-$TODAYSDATE.tgz"
STORESOURCE="/home/user/store.domain.com"
STOREDESTINATION="/home/user/BACKUPS/$TODAYSDATE/store.domain.com-BACKUP-$TODAYSDATE.tgz"
MYSQLDBDUMP="/home/user/BACKUPS/$TODAYSDATE/mysql.domain.com-BACKUP-$TODAYSDATE.sql"
LOG="/home/user/BACKUPS/$TODAYSDATE/domain.com-BACKUP-$TODAYSDATE.log"

mkdir $TODAYSDATE
echo “Backup .COM Begin: $(date)” >> $LOG
tar cvpzf “$DOTCOMDESTINATION” “$DOTCOMSOURCE” >> $LOG
echo “Backup .COM End: $(date)” >> $LOG
echo “#######################” >> $LOG
echo “Backup STORE Begin: $(date)” >> $LOG
tar cvpzf “$STOREDESTINATION” “$STORESOURCE” >> $LOG
echo “Backup STORE End: $(date)” >> $LOG
echo “#######################” >> $LOG
echo “Backup MySQL DB Begin: $(date)” >> $LOG
mysqldump --opt --user=****** --password=****** --host=mysql.domain.com magento_**** > $MYSQLDBDUMP
tar cvpzf “$MYSQLDBDUMP.tgz” “$MYSQLDBDUMP” >> $LOG
rm $MYSQLDBDUMP
echo “Backup MySQL DB End: $(date)” >> $LOG[/quote]
A couple of problems:

  1. The username and passwords for the MySQL Dump are stored in plain text. How can I make this more secure? Can other DreamHost users navigate into my home directories and read this?
  2. When I run the script I get the following messages:

[quote]tar: Removing leading /' from member names tar: Removing leading/’ from member names
tar: Removing leading `/’ from member names
[/quote]
Why is that? Should I be worried?

Any/All idea’s on how to make this script better &/or more secure would be greatly appreciated.
TiA,
-BassKozz


#2

If you turned on Enhanced User Security in the panel for Users -> Manage Users and then Edit, your home directory is locked up and others can’t get in. Besides, the username and password are probably in some other file for your site.

When making tarfiles, I use relative paths since at home, I don’t have a /home/USERNAME/example.com/blahblah like it is here.

-Scott


#3

Ok, Enhanced Security is enabled :slight_smile:

As for relative paths, I did some research and according to what I’ve found if I add the “P” option to my tar command that should eliminate the warning messages I was getting:

according to the man page (http://unixhelp.ed.ac.uk/CGI/man-cgi?tar):

[quote]-P, --absolute-names
don’t strip leading `/'s from file names[/quote]
So should I use “-P” ?
Relative vs. Absolute paths is confusing to me :s


#4

You may stick with absolute paths if you want to put the files back exactly where they came from. There may be an option to restore to a relative path, but if you do a standard extract, it’ll want to put them back where they came from.

The disadvantage of all of this is that it’s pretty convenient to restore to a different location and easily pull just what you want.

-Scott


#5

Ok I am trying to make a restore script now to restore from the backups I made with the backup script.
Here goes:

[quote]#!/bin/sh

5/30/09

restore.domain.com.sh

RESTORE /domain.com & /store.domain.com & mysql.domain.com

You must enter the DATE you want to restore from

echo -n "Please Enter the RESTORE DATE you would like to Restore (YYYYMMDD): "
read -e RESTOREDATE

DOTCOMDESTINATION="/home/user/domain.com"
DOTCOMSOURCE="/home/user/BACKUPS/$RESTOREDATE/domain.com-BACKUP-$RESTOREDATE.tgz"
STOREDESTINATION="/home/user/store.domain.com"
STORESOURCE="/home/user/BACKUPS/$RESTOREDATE/store.domain.com-BACKUP-$RESTOREDATE.tgz"
MYSQLDBDUMP="/home/user/BACKUPS/$RESTOREDATE/mysql.domain.com-BACKUP-$RESTOREDATE.sql"
LOG="/home/user/BACKUPS/$RESTOREDATE/domain.com-RESTORE-$RESTOREDATE.log"

echo “Restore .COM Begin: $(date)” >> $LOG
tar -C “$DOTCOMDESTINATION” -xvzf “$DOTCOMSOURCE” >> $LOG
echo “Restore .COM End: $(date)” >> $LOG
echo “#######################” >> $LOG
echo “Restore STORE Begin: $(date)” >> $LOG
tar -C “$STOREDESTINATION” -xvzf “$STORESOURCE” >> $LOG
echo “Restore STORE End: $(date)” >> $LOG
echo “#######################” >> $LOG
echo “Restore MySQL DB Begin: $(date)” >> $LOG
tar -xvzf $MYSQLDBDUMP.tgz >> $LOG
mysql --user=****** --password=****** --host=mysql.domain.com magento_**** < $MYSQLDBDUMP
rm $MYSQLDBDUMP
echo “Restore MySQL DB End: $(date)” >> $LOG[/quote]
How does that look, am I missing anything? I am nervous to test this out, because I don’t want to screw anything up, and I am new to scripting. So I appreciate all comments.
Thanks in advance,
-BassKozz