I think we should add the -h flag to the tar command that's used for backups. For the people that use a symlink to a shared filesystem for their site files, this would be very helpful in that backups would work again.

This would also potentially need some work for the deploy task to make sure the files get copied back correctly, but this could probably be done by the user.

If this is something that can't/shouldn't be done in Provision, it should at least be alterable so I can do it myself without hacking provision!

Comments

helmo’s picture

I think that adding --dereference (-h, follow symlinks; archive and dump the files they point to) by default could cause trouble for others. Such a symlink could point to a few TB of static data which you don't want to back up...

So I favour the alterable route.
A global config option?

cweagans’s picture

Either way works for me. I'll work up a patch for both 7.x-3.x and 6.x-2.x if you can confirm that it could be committed to the latter.

helmo’s picture

Committing to both branches should not be a problem for this.

anarcat’s picture

Status: Active » Closed (won't fix)

i wouldn't object to a hook to allow changing the arguments passed to tar, "policy blablabla"... :)

but then i would object to adding -h to backups, especially if we make it a default, or even a user-visible option. people need to understand what that means. it could very easily lead to a DOS attack against Aegir:

anarcat@desktop008:~$ mkdir boom
anarcat@desktop008:~$ ln -s ../boom boom/boom
anarcat@desktop008:~$ tar cf - boom | pv > /dev/null
  10kiB 0:00:00 [ 424MiB/s] [    <=>    ]
anarcat@desktop008:~$ tar hcf - boom | pv > /dev/null
^C68MiB 0:00:04 [60,3MiB/s] [                <=>    ]

The latter command will never finish and will fill up the filesystem and kill your kittens.

Another interesting attack would be to steal Aegir's database credentials using something like:

ln -s /var/aegir/hostmaster*/site/*/drushrc.php /var/aegir/platform/foo/sites/attacker.com/files/i-0wnz-ur-aegirz-mwhahaha.txt

So -h is a no no. I will close this issue now, reopen or open a new one if you really specifically want customizable tar options.
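
A pre-backup check for the two cases described in the comment above, as an added example that is not part of the thread or of Provision's code: it lists symlinks under a site directory that `tar -h` would follow out of the backup root or back into a parent directory. The function names, the `site` layout and the stand-in `drushrc.php` file are constructed for illustration.

```python
import os
import tempfile


def audit_symlinks(root):
    """Return sorted (relative link path, reason) pairs for symlinks under
    root that are unsafe to archive with tar -h / --dereference."""
    root = os.path.realpath(root)
    findings = []
    # followlinks=False: links are inspected, never walked through.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        parent = os.path.realpath(dirpath)
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            rel = os.path.relpath(link, root)
            target = os.path.realpath(link)
            if not os.path.exists(target):
                findings.append((rel, "dangling"))
            elif os.path.commonpath([root, target]) != root:
                # tar -h would copy a file from outside the site into the backup
                findings.append((rel, "escapes backup root"))
            elif os.path.commonpath([target, parent]) == target:
                # target is the link's own directory or an ancestor of it
                findings.append((rel, "loop"))
    return findings and sorted(findings)


def build_sample(base):
    """Constructed sample tree: one loop, one escaping link, one safe link."""
    site = os.path.join(base, "site")
    os.makedirs(os.path.join(site, "boom"))
    os.makedirs(os.path.join(site, "files"))
    os.symlink("../boom", os.path.join(site, "boom", "boom"))
    secret = os.path.join(base, "drushrc.php")  # stand-in for a credentials file
    with open(secret, "w") as fh:
        fh.write("constructed placeholder\n")
    os.symlink(secret, os.path.join(site, "files", "leak.txt"))
    with open(os.path.join(site, "files", "ok.txt"), "w") as fh:
        fh.write("ok\n")
    os.symlink("ok.txt", os.path.join(site, "files", "logo"))
    return site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in audit_symlinks(build_sample(tmp)):
            print(f"{reason}: {path}")
```

A backup wrapper can refuse to pass `-h` to tar whenever this returns any finding.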

josebc’s picture

Status: Closed (won't fix) » Needs review
Attached file: status new, size 1.47 KB

Re-opening with patch to allow altering tar options via hooks; this way we assume they know what they are doing.