Change permissions on backup files

Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files.
author: Vinnie Okada <vokada@mrvinn.com> 2015-03-15 12:54:36 -0600
committer: Vinnie Okada <vokada@mrvinn.com> 2015-03-17 19:04:21 -0600
commit: 61c06c5e1ae87914343312b956d5b289d568b71f (patch)
tree: 4d914a933842461a8401555d985fe742d39f9b62 /lib/backup
parent: 5bbc70da9cb439342bdbe022988e4e734d891f44 (diff)
download: gitlab-ce-61c06c5e1ae87914343312b956d5b289d568b71f.tar.gz
1 files changed, 13 insertions, 5 deletions
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index ab8db4e9837..1a4f28d106d 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -11,22 +11,28 @@ module Backup
       s[:tar_version]        = tar_version
       tar_file = "#{s[:backup_created_at].to_i}_gitlab_backup.tar"
 
+      orig_pwd = Dir.pwd
       Dir.chdir(Gitlab.config.backup.path)
 
       File.open("#{Gitlab.config.backup.path}/backup_information.yml", "w+") do |file|
         file << s.to_yaml.gsub(/^---\n/,'')
       end
 
+      FileUtils.chmod_R(0700, %w{db uploads repositories})
+
       # create archive
       $progress.print "Creating backup archive: #{tar_file} ... "
+      orig_umask = File.umask(0077)
       if Kernel.system('tar', '-cf', tar_file, *BACKUP_CONTENTS)
         $progress.puts "done".green
       else
         puts "creating archive #{tar_file} failed".red
         abort 'Backup failed'
       end
+      File.umask(orig_umask)
 
       upload(tar_file)
+      Dir.chdir(orig_pwd)
     end
 
     def upload(tar_file)
@@ -51,11 +57,13 @@ module Backup
 
     def cleanup
       $progress.print "Deleting tmp directories ... "
-      if Kernel.system('rm', '-rf', *BACKUP_CONTENTS)
-        $progress.puts "done".green
-      else
-        puts "deleting tmp directory failed".red
-        abort 'Backup failed'
+      BACKUP_CONTENTS.each do |dir|
+        if FileUtils.rm_rf(File.join(Gitlab.config.backup.path, dir))
+          $progress.puts "done".green
+        else
+          puts "deleting tmp directory '#{dir}' failed".red
+          abort 'Backup failed'
+        end
       end
     end
author	Vinnie Okada <vokada@mrvinn.com>	2015-03-15 12:54:36 -0600
committer	Vinnie Okada <vokada@mrvinn.com>	2015-03-17 19:04:21 -0600
commit	61c06c5e1ae87914343312b956d5b289d568b71f (patch)
tree	4d914a933842461a8401555d985fe742d39f9b62 /lib/backup
parent	5bbc70da9cb439342bdbe022988e4e734d891f44 (diff)
download	gitlab-ce-61c06c5e1ae87914343312b956d5b289d568b71f.tar.gz