Univention Bugzilla – Bug 54782
make group owner configurable for LDAP backup files
Last modified: 2022-08-31 12:19:34 CEST
management/univention-ldap/univention-ldap-backup creates backup files in /var/univention-backup/ldap-backup_${currentdate}.ldif with root:root as 0600. This makes it necessary that the files can only be fetched as root - e.g. when syncing them via scp from an external system. I think the permissions should be configurable via UCR.
Workaround: ucr set cron/backup/{command='chgrp ldapbackup /var/univention-backup/ldap-backup*.gz; chmod 0660 /var/univention-backup/ldap-backup*.gz',description='LDAP backup permissions',mailto=root,time='30 0 * * *',user=root}
Same for /var/univention-backup/ucr-backup*.tgz
(In reply to Florian Best from comment #2)
> Same for /var/univention-backup/ucr-backup*.tgz

→ univention-base-files/scripts/univention-config-registry-backup
Added three UCR variables: `slapd/backup/owner`, `slapd/backup/group`, `slapd/backup/permissions`.

By default, `univention-ldap-backup` will create a backup as root:root with 0600. Then it will try to set owner, group and permissions as specified in the UCR variables. If there are any issues, it will remain as root:root 0600.

Added tests for `univention-ldap-backup` to test the default behaviour, the customized and non-valid UCR variables such as wrong permissions.

univention-ldap.yaml
08a8ee72da51 | Bug #54782: owner group and permissions configurable for ldap backups

univention-ldap (16.0.7-19)
08a8ee72da51 | Bug #54782: owner group and permissions configurable for ldap backups

ucs-test (10.0.7-7)
08a8ee72da51 | Bug #54782: owner group and permissions configurable for ldap backups
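The fail-closed behaviour described in the comment above, as an added sketch that is not Univention's code and not part of the original thread. The helper names `write_backup` and `apply_backup_perms` are hypothetical, their arguments stand in for the values of `slapd/backup/owner`, `slapd/backup/group` and `slapd/backup/permissions`, and rehearsing the settings on a scratch file is an assumption about how to keep a bad value from leaving the backup half-changed.

```shell
#!/bin/sh
# Added example (not the project's script). All sample data is constructed.

# write_backup FILE: create the dump owner-only (0600) before any data lands in it.
write_backup() {
    ( umask 077 && printf 'dn: cn=constructed,dc=example\n' > "$1" )
}

# apply_backup_perms FILE OWNER GROUP MODE
# Rehearse all three settings on an empty scratch file first and touch the
# real backup only if every one is accepted. On any error the backup keeps
# the restrictive owner and mode it was created with.
apply_backup_perms() {
    file=$1 owner=$2 group=$3 mode=$4
    scratch=$(mktemp "${file}.XXXXXX") || return 1
    if chown -- "$owner" "$scratch" 2>/dev/null &&
       chgrp -- "$group" "$scratch" 2>/dev/null &&
       chmod -- "$mode" "$scratch" 2>/dev/null
    then
        rm -f -- "$scratch"
        chown -- "$owner" "$file" &&
            chgrp -- "$group" "$file" &&
            chmod -- "$mode" "$file"
    else
        rm -f -- "$scratch"
        echo "invalid owner/group/permissions, keeping defaults on $file" >&2
        return 1
    fi
}

# Demo in a throwaway directory, using the caller's own uid/gid so it also
# runs without root.
demo_dir=$(mktemp -d)
write_backup "$demo_dir/ldap-backup_constructed.ldif"
apply_backup_perms "$demo_dir/ldap-backup_constructed.ldif" \
    "$(id -u)" "$(id -g)" 'u=rw,g=r'
ls -l "$demo_dir"
rm -rf -- "$demo_dir"
```
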
FAIL: 08a8ee72da51
<https://git.knut.univention.de/univention/ucs/-/merge_requests/447>

OK: errata-announce -V --only univention-ldap.yaml
FIXED: univention-ldap.yaml → 63c59bc7c345ff1fe9a752d22d5a76c45a4eae29
OK: dpkg-query -W univention-ldap\*|awk '$2=="16.0.7-18A~5.0.0.202203181059"{print $1}'|xargs apt-get -t apt install

OK: /usr/share/ucs-test/10_ldap/112_test_ldap_backup.py -f
This issue blocks the release of Bug #54465 and Bug #54821. It seems like nothing has been done since 28.07. Please finish this issue or revert the changes.
(In reply to Philipp Hahn from comment #5)
> FAIL: 08a8ee72da51
> <https://git.knut.univention.de/univention/ucs/-/merge_requests/447>
>
> OK: errata-announce -V --only univention-ldap.yaml
> FIXED: univention-ldap.yaml → 63c59bc7c345ff1fe9a752d22d5a76c45a4eae29
> OK: dpkg-query -W univention-ldap\*|awk
> '$2=="16.0.7-18A~5.0.0.202203181059"{print $1}'|xargs apt-get -t apt install
>
> OK: /usr/share/ucs-test/10_ldap/112_test_ldap_backup.py -f

Implemented changes requested on
https://git.knut.univention.de/univention/ucs/-/merge_requests/447
on MR
https://git.knut.univention.de/univention/ucs/-/merge_requests/492

Pipeline succeeds.
univention-ldap.yaml
3151a4792bb3 | Bug #54782: update YAML for univention-ldap
2d316c21f2aa | Bug #54782: improve test cases and remove duplicated code
63c59bc7c345 | Bug #54782: univention-ldap 16.0.7-19A~5.0.0.202207151309
08a8ee72da51 | Bug #54782: owner group and permissions configurable for ldap backups

univention-ldap (16.0.7-21)
2d316c21f2aa | Bug #54782: improve test cases and remove duplicated code
OK: apt install -t apt univention-ldap-acl-master univention-ldap-client univention-ldap-config univention-ldap-config-master univention-ldap-server
OK: ucr search ^slapd/backup/
OK: /usr/sbin/univention-ldap-backup
OK: ucr set slapd/backup/{owner=nobody,group=nogroup,permissions=u=rw\,g=r}
OK: apt install -t apt ucs-test-ldap
FIXED: /usr/share/ucs-test/10_ldap/112_test_ldap_backup.py

OK: 08a8ee72da51 63c59bc7c345 2d316c21f2aa 3151a4792bb3
OK: univention-ldap.yaml
OK: errata-announce -V --only univention-ldap.yaml

[5.0-2] 26f1de807d churn[test]: Update test for univention-ldap-backup
 test/ucs-test/debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

Package: ucs-test
Version: 10.0.7-20A~5.0.0.202208301416
Branch: ucs_5.0-0
Scope: errata5.0-2
<https://errata.software-univention.de/#/?erratum=5.0x400>