Exentory Web Development Exentory Web Development - 4 months ago 10
SQL Question

Using mysqldump on hosted servers without directory 777 permision

I'm trying to create a php file that a cron will access. This file will create a backup of the database it is connected to. To do this, it uses PHP's

exec()
and
mysqldump


This all works fine, BUT, it only works if the directory it is writing has permissions
0777
. I've tested with different permissions, and it seems like only the world number needs to be 7. (or at least write and read I think)

The problem with this is, I don't want anyone but the server to be able to see this backup, since it contains user information! (even though this information is encrypted)
I've tried using
chmod
on the directory to make it 0777 only while writing the file, but it is unable to change the permissions, and this might be another security risk.

Is there any way to write this file to a directory with
0700
permissions? Or is there any other way that I'm not seeing right now...

Source code:

<?php
backup('notecms', 'root');
function backup($name, $user, $pass = NULL) {
$filename='/note_db_backup_'.date('G_a_m_d_y').'.sql';
if ($pass == NULL) {
$result=exec('mysqldump notecms --single-transaction --user='. $user .' -r '. $filename . ' 2>&1', $output, $return_var);
}
else {
$result=exec('mysqldump notecms --single-transaction --user='. $user .' -p='. $pass .' -r '. $filename . ' 2>&1', $output, $return_var);
}
if($return_var == 0){
//return 0;
if (!chmod($filename, 0600)) {
die('could not change backup permissions');
}
deleteold();
}
else {
print_r($output);
global $backup_output;
$backup_output = $output;
//return 1;
}
}

function deleteold() {
$filecount = count(scandir("../backup/")) - 2;
if ($filecount > 5) {
$files = glob( '../backup/*' );
array_multisort(
array_map( 'filemtime', $files ),
SORT_NUMERIC,
SORT_ASC,
$files
);
unlink($files[0]);
}
}
?>

Answer

There is no reason for the permissions to be 0777. You need the user that executes the script to have read/write access to the directory, so make sure that user owns the directory and all you need is 0700.

Comments