Moodle

automate moving of old backups into some archive

Details

  • Type: Task Task
  • Status: Open Open
  • Priority: Major Major
  • Resolution: Unresolved
  • Affects Version/s: 1.9.6
  • Fix Version/s: STABLE backlog
  • Component/s: Backup
  • Labels:
  • Affected Branches:
    MOODLE_19_STABLE

Description

We need to move away all out backups with weak passwords to some hidden location in dataroot, we can not delete them just in case the backups are needed.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Petr Škoda (skodak) added a comment -

This should be some simple shell script which looks for all backupdata folders and moves them to "$CFG->dataroot/backuparchive/"

Show
Petr Škoda (skodak) added a comment - This should be some simple shell script which looks for all backupdata folders and moves them to "$CFG->dataroot/backuparchive/"
Hide
Permalink
Iñaki Arenaza added a comment -

From developer chat with Petr:

skodak:  we coudl move the directory completely and just create an empty dir, maybe with some note in there to tell teachers where are their backup files and that they need to contact admin if they really need them to be restored

Saludos,
Iñaki.

Show
Iñaki Arenaza added a comment - From developer chat with Petr: skodak:  we coudl move the directory completely and just create an empty dir, maybe with some note in there to tell teachers where are their backup files and that they need to contact admin if they really need them to be restored Saludos, Iñaki.
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

I see this as an urgent measure to keep all the backup files out from teacher access, oki.

Also, it should be applied "in sync" with other measures like adding site/user salts, preventing download and so on... or the next day, there will be new backup files there again.

So +1 as "anti-panic" measure but not a solution at all. IMO. Ciao

Show
Eloy Lafuente (stronk7) added a comment - I see this as an urgent measure to keep all the backup files out from teacher access, oki. Also, it should be applied "in sync" with other measures like adding site/user salts, preventing download and so on... or the next day, there will be new backup files there again. So +1 as "anti-panic" measure but not a solution at all. IMO. Ciao
Hide
Permalink
Iñaki Arenaza added a comment -

As promised, here's a script to do it.

It's important to run this script as the web server user serving the moodle site (www-data, httpd, apache, ...) so the ownership and permissions of the files are correctly setup.

Saludos,
Iñaki.

Show
Iñaki Arenaza added a comment - As promised, here's a script to do it. It's important to run this script as the web server user serving the moodle site (www-data, httpd, apache, ...) so the ownership and permissions of the files are correctly setup. Saludos, Iñaki.
Hide
Permalink
Martin Dougiamas added a comment -

I really don't think we can just move all the backups somewhere automatically ... this would cause a lot of disruptions to innocent ordinary teachers.

What about a script to edit them and delete the password hashes?

Show
Martin Dougiamas added a comment - I really don't think we can just move all the backups somewhere automatically ... this would cause a lot of disruptions to innocent ordinary teachers. What about a script to edit them and delete the password hashes?
Hide
Permalink
Iñaki Arenaza added a comment -

From my conversation with Petr, I had the impression this was geared towards Moodle Partners. The idea was to contain damages in a fast way, and give us/them time to implement more secure ways to handle this (like the script you suggest, the new permissions to export user passwords, etc.)

I could write such a script, but it would take more time, because we'd need to dig into the backup files and deal with XML and so on. That is way trickier and we could corrupt backups if not tested thouroughly, which is far worse than moving backups out of reach from teachers, IMHO.

Saludos,
Iñaki.

Show
Iñaki Arenaza added a comment - From my conversation with Petr, I had the impression this was geared towards Moodle Partners. The idea was to contain damages in a fast way, and give us/them time to implement more secure ways to handle this (like the script you suggest, the new permissions to export user passwords, etc.) I could write such a script, but it would take more time, because we'd need to dig into the backup files and deal with XML and so on. That is way trickier and we could corrupt backups if not tested thouroughly, which is far worse than moving backups out of reach from teachers, IMHO. Saludos, Iñaki.
Hide
Permalink
Helen Foster added a comment -

Not sure how relevant this issue is now, but setting a fix version of STABLE backlog according to our triaging process. Please close if no longer relevant.

Show
Helen Foster added a comment - Not sure how relevant this issue is now, but setting a fix version of STABLE backlog according to our triaging process. Please close if no longer relevant.

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.