[Koha] File permissions for 'koha-dump' backup files

Steven Nickerson snicker1 at maine.rr.com
Tue Sep 16 23:12:55 NZST 2014

Thanks for the response, Robin. What I'm ultimately trying to accomplish is to write a small shell script that will take the daily 'koha-dump' pair of files, 'scp' copy them to a 2nd server and then 'ssh' over to that server and perform a 'koha-restore' to keep a "backup" environment in sync once per day. I'd prefer to do this as the 'koha' user instead of doing it as 'root', but currently 'root' is the only account with enough permissions to read both of the files to be copied. As you've suggested, I could simply add a 'chmod' command to root's crontab.

Maybe there's a better way you or someone else can think of to accomplish the synchronizing of a 2nd environment that I'm trying to do?

Thanks again!

-----Original Message-----
From: Robin Sheat [mailto:robin at catalyst.net.nz] 
Sent: Sunday, September 14, 2014 8:15 PM
To: koha at lists.katipo.co.nz
Subject: Re: [Koha] File permissions for 'koha-dump' backup files

Steven Nickerson wrote on Sat 13-09-2014 at 22:34 [-0400]:
> I'm using the package version of 3.16.03 (but I've seen this same
> behavior in several previous versions as well) and am wondering if
> there is a way for me to make it so that the .gz files created under
> /var/spool/koha/<site> are world-readable? Currently they are always
> owned by 'root' and are not readable by either group or everyone else.
> I understand it is a potential security issue, but if I'm willing to
> accept that "risk" is there any way to configure either Koha or the
> operating system user (i.e. root's 'umask' perhaps) so that these
> files are created as readable?

I'm going to start by asking "What is it you are actually trying to do?", as there may be another way to achieve whatever it is you're trying to do.

Now for some detail...

So, it's not _quite_ how you describe. There are two types of files here, one is the SQL and the other is the configs and so on. The SQL is group readable, the configs .tar.gz isn't. Having the SQL as user readable is to allow the feature for superlibrarians to be able to download database dumps (good in a hosted environment, for example.)

The simplest way to do what you're asking would be to put a chmod/chown in the cron.daily/koha-common file that sets the file permissions to be what it is that you want after the backup process has run. That would probably be what I would do.

Robin Sheat
Catalyst IT Ltd.
✆ +64 4 803 2204
GPG: 5FA7 4B49 1E4D CAA4 4C38  8505 77F5 B724 F871 3BDF
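
The post-backup chmod/chown step suggested above, narrowed to group-only read access instead of world-readable files, as an added example that is not part of the original thread or Koha's own scripts. The `SPOOL_ROOT` variable, the function names, the `*.sql.gz` / `*.tar.gz` patterns and the group passed in are assumptions.

```shell
#!/bin/sh
# Added example, not Koha's own code: run as root after the nightly koha-dump.
# Gives ONE group read access to a site's dump files, never "other".
# Assumed: spool layout and *.sql.gz / *.tar.gz names; GNU stat (Debian).
SPOOL_ROOT="${SPOOL_ROOT:-/var/spool/koha}"

# fix_dump_perms SITE GROUP: set group GROUP and mode 0640 on every dump.
# Returns 2 if the spool directory is missing, 1 if any change failed.
fix_dump_perms() {
    dir="$SPOOL_ROOT/$1"; group=$2; rc=0
    [ -d "$dir" ] || { echo "no spool dir: $dir" >&2; return 2; }
    for f in "$dir"/*.sql.gz "$dir"/*.tar.gz; do
        # Skip unmatched globs and symlinks: a planted link must not
        # redirect chgrp/chmod to some other file.
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        if ! { chgrp "$group" "$f" && chmod 0640 "$f"; }; then
            echo "could not adjust $f" >&2; rc=1
        fi
    done
    return "$rc"
}

# other_accessible_dumps SITE: print dumps whose mode still grants anything
# to "other" (last octal digit not 0). Empty output means none do.
other_accessible_dumps() {
    for f in "$SPOOL_ROOT/$1"/*.sql.gz "$SPOOL_ROOT/$1"/*.tar.gz; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        case "$(stat -c '%a' "$f")" in
            *0) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Invocation: <script> SITE GROUP. Succeeds only if every dump was adjusted
# and none is left accessible to "other".
if [ "$#" -eq 2 ]; then
    fix_dump_perms "$1" "$2" && [ -z "$(other_accessible_dumps "$1")" ]
fi
```

The reading account also needs search (x) permission on the spool directory itself before it can open the files.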
