search

mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal
13.95k stars 1.44k forks source link

Allow before-backup to run as root #1521

Open nordurljosahvida opened 5 years ago

nordurljosahvida commented 5 years ago

For full /home/user-data offsite backups with rsync for instance. See this user case: https://discourse.mailinabox.email/t/nightly-backup-to-a-full-secondary-standby-server/4599

Thanks

JoshData commented 5 years ago

I'm pretty sure the script is already run as root....

nordurljosahvida commented 5 years ago

Not exactly:

# Execute a pre-backup script that copies files outside the homedir.
# Run as the STORAGE_USER user, not as root. Pass our settings in
# environment variables so the script has access to STORAGE_ROOT.
pre_script = os.path.join(backup_root, 'before-backup')
if os.path.exists(pre_script):
    shell('check_call',
        ['su', env['STORAGE_USER'], '-c', pre_script, config["target"]],
        env=env)

and as you know:

root@mb:~# ls -ld /home/user-data/*
drwxr-xr-x  4 root      root      4096 Feb 15 00:19 /home/user-data/backup
drwxr-xr-x  3 root      root      4096 Dec 24  2017 /home/user-data/dns
drwxrwxr-x  7 root      www-data  4096 Feb 16 22:24 /home/user-data/mail
-rw-r--r--  1 user-data user-data    3 Feb 12 21:14 /home/user-data/mailinabox.version
drwxrwx--- 28 www-data  www-data  4096 Feb 18 15:56 /home/user-data/owncloud
drwxr-xr-x  8 root      root      4096 Feb 12 21:20 /home/user-data/owncloud-backup
-rw-r--r--  1 root      root        15 Feb 27  2016 /home/user-data/settings.yaml
drwxr-xr-x  4 root      root      4096 Feb 17 03:01 /home/user-data/ssl
drwxr-xr-x  3 user-data root      4096 Oct 20  2015 /home/user-data/www

so if as I do you want to rsync everything to a remote machine on before-backup [since I use the MIAB S3 option, but I want MOAR], it would never work.

JoshData commented 5 years ago

Ahha, right!

I don't think there's much to be done here. The script is really an advanced, undocumented feature, and I don't want to add an option just to configure that. I'd recommend just modifying the source code on your box.

nordurljosahvida commented 5 years ago

Yes I've already changed the code on my box to the following:

pre_script = os.path.join(backup_root, 'before-backup')
if os.path.exists(pre_script):
        shell('check_call',
                ['bash', pre_script, config["target"]],
                env=env)

however wouldn't it make sense to run any before-backup operation as root, since the very backup contents themselves are almost entirely owned by root? This way we wouldn't need an extra option, we'd just make them always run as root. Don't you think?

insideTheFlux commented 5 years ago

@nordurljosahvida Do you think this is closely similar to what other large email providers do for redundancy? Eventually MIAB will evolve to something much more down the road.

What do you think?

nordurljosahvida commented 5 years ago

I've tried so many times to run a clusterized mail server and never succeeded. I have absolutely no idea how the others do it. With this hack at least I have a server on standby ready to take over should the first one get deleted. About real time sync, it would be the definitive feature for MIAB.