hcoop-backup: Be sure that only root can read in-progress backups.

[clinton/scripts.git] / hcoop-backup

diff --git a/hcoop-backup b/hcoop-backup
index 2b26d80..2bf50f9 100755 (executable)
--- a/hcoop-backup
+++ b/hcoop-backup
@@ -8,8 +8,6 @@
 # run this script as root, on deleuze
 #
 
-exec >& /var/log/backup-to-s3-log
-
 PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin
 #COMPRESS_EXT=.bz2
 #COMPRESS_PROG=bzip2
@@ -17,7 +15,7 @@ COMPRESS_EXT=.gz
 COMPRESS_PROG=gzip
 KEYFILE=/etc/backup-encryption-key
 BACKUPTMP=/var/backups/hcoop-backup
-CURDATE=$(date +%Y.%m.%d)
+CURDATE=$(date -u +%Y.%m.%d)
 
 MOVE_OVER=$(dirname $0)/rsync.net-move-over
 
@@ -27,6 +25,7 @@ IFS=$'\n'
 RSYNCDIR=/vicepa/hcoop-backups/files
 rm -fr $RSYNCDIR
 mkdir -p $RSYNCDIR/$CURDATE
+chmod -R og= $RSYNCDIR
 
 # Initialize backup staging area
 mkdir -p $BACKUPTMP
@@ -162,6 +161,12 @@ tar -C /var/backups/databases/ -cf - . | \
   ccrypt -k $KEYFILE -e | \
   $MOVE_OVER $CURDATE $F
 
+# Update file permissions so that rsync.net can access the backups
+chmod -R go=,u-w $RSYNCDIR
+chmod u+w $RSYNCDIR
+chown -R rsync $RSYNCDIR/$CURDATE
+
+# Complain to admins if there are unknown files
 grep '[a-z/]' complain && \
   mail -a 'From: The Backup Program <backups@deleuze.hcoop.net>' \
        -s "automated message: annoying files found on deleuze (please do something about them)" admins@hcoop.net \