From 5db6976a4fc61679a16b06eec4234e4fca0e1e73 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Mon, 3 Feb 2025 10:10:33 +0100
Subject: [PATCH] pg_dump in temp dir to harden backup directory

---
 plugins/localdump/pgsql.sh | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/plugins/localdump/pgsql.sh b/plugins/localdump/pgsql.sh
index 26b46ae..b3ce015 100755
--- a/plugins/localdump/pgsql.sh
+++ b/plugins/localdump/pgsql.sh
@@ -2,7 +2,7 @@
 # ================================================================================
 #
 # LOCALDUMP :: POSTGRES
-# create gzipped plain text backups from each scheme
+# Create gzipped plain text backups from each scheme
 #
 # --------------------------------------------------------------------------------
 # ah - Axel Hahn <axel.hahn@iml.unibe.ch>
@@ -17,6 +17,7 @@
 # 2024-12-13  ah     v1.6  backup uses a snapshot db
 # 2024-12-16  ah     v1.7  on snapshot mode it can fallback for single database to normal pg_dump of origin
 # 2024-12-17  ah     v1.8  handle env variables to disable snapshots or set times for disconnect
+# 2025-02-03  ah     v1.9  pg_dump in temp directory; dump file will be moved to backup dir
 # ================================================================================
 
 if [ -z "$BACKUP_TARGETDIR" ]; then
@@ -65,9 +66,6 @@ function pgsql.backup(){
 
   create_targetdir
 
-  # ----- change owner of directory because of su command
-  chown ${PGUSER}. "${BACKUP_TARGETDIR}"
-
   # ----- GO
 
   # prevent could not change directory to "/root": Permission denied
@@ -112,12 +110,13 @@ function pgsql.backup(){
     test $bUseSnapshot4DB -eq 1 && SNAPSHOTDB="${snapshotprefix}${DATABASE}"
 
     OUTFILE="${BACKUP_TARGETDIR}/$(get_outfile ${DATABASE}).sql"
+    TMPOUTFILE="/tmp/$(get_outfile ${DATABASE}).sql"
 
     myrc=0
 
     # drop snapshot db first - just in case
     if [ $bUseSnapshot4DB -eq 1 ]; then 
-      echo -n " snapshot ."
+      echo -n "snapshot ."
       su ${PGUSER} -c "dropdb ${SNAPSHOTDB}" >/dev/null 2>&1
       echo -n "."
       test $bDisconnect -ne 0 && su ${PGUSER} -c "psql ${BACKUP_PARAMS} -c \"
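Review bot: `TMPOUTFILE="/tmp/$(get_outfile ${DATABASE}).sql"` puts the dump at a predictable name in a world-writable directory, so the exposure this commit removes from the backup directory reappears in /tmp. Another local user can pre-create that path as a file or symlink before `pg_dump` writes through it. The dump is also created with whatever umask the `su` shell has, so it may be readable by others while it sits there. A private directory owned by the database user avoids both, e.g. `TMPDUMPDIR=$(su ${PGUSER} -c "mktemp -d")` followed by `TMPOUTFILE="${TMPDUMPDIR}/$(get_outfile "${DATABASE}").sql"`, with the directory removed after the move. `pgsql.backup` starts and ends outside this hunk, so a umask or temp-dir setting made earlier would not be visible here.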
@@ -137,14 +136,20 @@ function pgsql.backup(){
     if [ $myrc -eq 0 ]; then
 
       echo -n "backup ... "
-      if su ${PGUSER} -c "pg_dump ${BACKUP_PARAMS} -Fp ${SNAPSHOTDB} >$OUTFILE"; then
+      if su ${PGUSER} -c "pg_dump ${BACKUP_PARAMS} -Fp ${SNAPSHOTDB} >$TMPOUTFILE"; then
         fetchrc >/dev/null
         test $bUseSnapshot4DB -eq 1 && ( 
           echo -n "delete snapshot ... "
           su ${PGUSER} -c "dropdb ${SNAPSHOTDB}"
         )
 
-        db._compressDumpfile "$OUTFILE"
+        echo -n "move temp to target ... "
+        if mv "$TMPOUTFILE" "$OUTFILE"; then
+          db._compressDumpfile "$OUTFILE"
+        else
+          fetchrc
+          cecho error "Failed."
+        fi
       else
         fetchrc
         test $bUseSnapshot4DB -eq 1 && su ${PGUSER} -c "dropdb ${SNAPSHOTDB}"
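Review bot: Neither failure path deletes `$TMPOUTFILE`, so a complete or partial plain-text dump stays in /tmp when `mv` fails (the new inner `else` with `cecho error "Failed."`) or when `pg_dump` itself fails (the outer `else`). Adding `rm -f -- "$TMPOUTFILE"` to both branches keeps database contents from lingering outside the backup directory. `$TMPOUTFILE` is also expanded unquoted inside the `su -c "... >$TMPOUTFILE"` string, so the inner shell re-parses it; this is safe only if `get_outfile` never returns spaces or shell metacharacters, which cannot be confirmed from this hunk. The outer `else` branch continues past the end of the hunk.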
-- 
GitLab