Merge branch '7771-harden-postgres-backup' into 'master'

pg_dump in temp dir to harden backup directory See merge request !154

Merge branch '7771-harden-postgres-backup' into 'master'
1db0b45e · Hahn Axel (hahn) · 3fb73b6c · 5db6976a · 1db0b45e
Commit 1db0b45e authored 2 months ago by Hahn Axel (hahn)
--- a/plugins/localdump/pgsql.sh
+++ b/plugins/localdump/pgsql.sh
@@ -2,7 +2,7 @@
 # ================================================================================
 #
 # LOCALDUMP :: POSTGRES
-# create gzipped plain text backups from each scheme
+# Create gzipped plain text backups from each scheme
 #
 # --------------------------------------------------------------------------------
 # ah - Axel Hahn <axel.hahn@iml.unibe.ch>
@@ -17,6 +17,7 @@
 # 2024-12-13  ah     v1.6  backup uses a snapshot db
 # 2024-12-16  ah     v1.7  on snapshot mode it can fallback for single database to normal pg_dump of origin
 # 2024-12-17  ah     v1.8  handle env variables to disable snapshots or set times for disconnect
+# 2025-02-03  ah     v1.9  pg_dump in temp directory; dump file will be moved to backup dir
 # ================================================================================

 if [ -z "$BACKUP_TARGETDIR" ]; then
@@ -65,9 +66,6 @@ function pgsql.backup(){

  create_targetdir

-  # ----- change owner of directory because of su command
-  chown ${PGUSER}. "${BACKUP_TARGETDIR}"
-
  # ----- GO

  # prevent could not change directory to "/root": Permission denied
@@ -112,12 +110,13 @@ function pgsql.backup(){
    test $bUseSnapshot4DB -eq 1 && SNAPSHOTDB="${snapshotprefix}${DATABASE}"

    OUTFILE="${BACKUP_TARGETDIR}/$(get_outfile ${DATABASE}).sql"
+    TMPOUTFILE="/tmp/$(get_outfile ${DATABASE}).sql"

    myrc=0

    # drop snapshot db first - just in case
    if [ $bUseSnapshot4DB -eq 1 ]; then 
-      echo -n " snapshot ."
+      echo -n "snapshot ."
      su ${PGUSER} -c "dropdb ${SNAPSHOTDB}" >/dev/null 2>&1
      echo -n "."
      test $bDisconnect -ne 0 && su ${PGUSER} -c "psql ${BACKUP_PARAMS} -c \"
@@ -137,14 +136,20 @@ function pgsql.backup(){
    if [ $myrc -eq 0 ]; then

      echo -n "backup ... "
-      if su ${PGUSER} -c "pg_dump ${BACKUP_PARAMS} -Fp ${SNAPSHOTDB} >$OUTFILE"; then
+      if su ${PGUSER} -c "pg_dump ${BACKUP_PARAMS} -Fp ${SNAPSHOTDB} >$TMPOUTFILE"; then
        fetchrc >/dev/null
        test $bUseSnapshot4DB -eq 1 && ( 
          echo -n "delete snapshot ... "
          su ${PGUSER} -c "dropdb ${SNAPSHOTDB}"
        )

-        db._compressDumpfile "$OUTFILE"
+        echo -n "move temp to target ... "
+        if mv "$TMPOUTFILE" "$OUTFILE"; then
+          db._compressDumpfile "$OUTFILE"
+        else
+          fetchrc
+          cecho error "Failed."
+        fi
      else
        fetchrc
        test $bUseSnapshot4DB -eq 1 && su ${PGUSER} -c "dropdb ${SNAPSHOTDB}"