Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch

Security notice: Backup and Migrate will not save backup files to the server because the destination directory is publicly accessible. If you want to save files to the server, please secure the 'sites/[mysite.com]/files/backup_migrate/manual' directory
Security notice: Backup and Migrate will not save backup files to the server because the destination directory is publicly accessible. If you want to save files to the server, please secure the 'sites/[mysite.com]/files/backup_migrate/scheduled' directory
An error occurred at function : drush_provision_drupal_post_provision_verify

I've tried changing ownership, changing file permissions, etc. I've gotten it to where the module thinks it's secure, but then it complains that it can't write to the directory. On a non-aegir site it works fine with the same setup. I opened an issue in the module's queue but haven't received a reply and I'm thinking maybe it has to do with Aegir and not the module.

I also got these warning further up (but they're just warnings):

Could not change permissions sites/[mysite.com] to 493 (chmod to 755 failed on sites/[mysite.com])
Could not change permissions sites/[mysite.com]/files to 1528 (chmod to 2770 failed on sites/[mysite.com]/files)

Then down a bit further:

Change group ownership of settings.php to www-data
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chown(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.

Then at the end:

Removing task from hosting queue
An error occurred at function : drush_hosting_hosting_task

Comments

adrian’s picture

adrian CreditAttribution: adrian commented
Status: Active » Closed (won't fix)

aegir has it's own backup and migrate functionality.

drush.php provision backup site.com

We keep our backups OUTSIDE of the drupal root entirely, and we keep the sites directories accessible to the web server.

so there's no way the permissions can mess up.

butler360’s picture

butler360 CreditAttribution: butler360 commented

So the two aren't intended to work together at all (backup_migrate, aegir)?

If so, can backups be automated and emailed like with backup_migrate?

butler360’s picture

butler360 CreditAttribution: butler360 commented

Or sent to an S3 bucket?

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented

Two separate issues in the original report:

The topic of automated backups is a duplicate of #422966: automated backups (and backups garbage collection) (and is likely to also now depend on the Server node refactoring that's being developed, based on where we handle a 'file server' to store backups)

If you are seeing errors like this in your task log:

warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.
warning: chgrp(): Operation not permitted in /var/aegir/.drush/provision/provision.path.inc on line 375.

Then you have a permissions problem in your system: the files are not owned by the aegir user and so permissions cannot be changed, and/or your aegir user is not a member of the www-data group and thus cannot set www-data as the group for these directories/files.

The INSTALL.txt/install.sh script set the owner/group and memberships appropriately if all steps are followed accurately.

butler360’s picture

butler360 CreditAttribution: butler360 commented

Well the aegir user is part of the www-data group:

server:/# groups aegir
aegir www-data

As far as I can tell, everything in var/aegir is owned by user aegir and group aegir or www-data, which the user is a member of.

And I used the install.sh script to install.

Has anyone successfully used backup_migrate with aegir?

anarcat’s picture

anarcat CreditAttribution: anarcat commented
Status: Closed (won't fix) » Fixed

I actually committed a fix for this: aegir now forces the Apache webserver to ignore sites/%{SERVER_NAME}/files/backup_migrate/* directories.

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented

FYI: in nginx we are using simple location rule for this issue:

    location ~* /files/backup_migrate/ {
        return 444;                     ### deny direct access
    }

http://github.com/omega8cc/nginx-for-drupal/blob/master/nginx.conf

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 9ac8b2f on debian, dev-dns, dev-envobject, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newhooks, dev-nginx, dev-ports, dev-purgebackup, dev-restore, dev-services, dev-simplerinstaller, dev-site_rename, dev-ssl, dev_server_verify, prod-koumbit, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by anarcat: 
    #642948 - backup_migrate compatibility: block files/backup_migrate/...