Admin Edit… Altered Greeting so as not to be sexist!
Gentlemen and Ladies,
I am trying to create a PHP script that will create then FTP to another server a GZIPped backup of our CMS database. It’s a FreeBSD server running Apache and cPanel, but the same script will be deployed on a Linux server too should it prove successful.
The FTP stuff is easy, but where I have gotten stuck is getting the permissions right to allow mysqldump to output the file successfully. Before anyone replies, PHPSUEXEC is more than likely not a valid option for this operation. It introduces problems of its own, and from what I have, will more than likely break the CMS I have developed. Only two sets of permissions and ownership will allow this script to work, and I would like the input of people more knowledgeable than myself on such matters on the potential risks of either approach.
- Obviously 0777 permissions is the first. But I have read and seen firsthand the risks of doing this. However, if I use a directory that’s outside of the Apache home directory, is there still a risk someone could use the directory to break in? Realistically, how could they know it was there anyway? The only way would be to break in and find the PHP backup script, in which case they have probably got in to the point where the consequences of a 0777 folder are relatively little.
- The next idea that worked was to chown the backup folder (which again is still outside of /home) to user nobody. To my inexperienced eye, this seems unlikely to have risks, or at least is the least risky of the two options.
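
The two options in the post, turned into a check (an added example, not part of the original post): the backup directory is made owner-only (0700) for the account the PHP script runs as, an audit flags 0777 or any group/other access, and each dump is created 0600. Function names, paths and the sample dump are hypothetical; the mode lookup tries Linux `stat` first and FreeBSD `stat` second.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical, not from the post.

# Print the octal mode of a path: GNU stat (Linux) first, BSD stat (FreeBSD) second.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the backup directory so that only its owner can enter, list or write it.
# Run as (or chown afterwards to) the account the PHP script runs as.
make_backup_dir() {
    mkdir -p "$1" && chmod 0700 "$1"
}

# Return 0 if only the owner can use the directory, 1 otherwise.
audit_backup_dir() {
    perm=$((0$(mode_of "$1")))          # leading 0 makes the value octal
    if [ $((perm & 0002)) -ne 0 ]; then
        echo "FAIL $1: world-writable; any local account can add, replace or delete dumps"
        return 1
    fi
    if [ $((perm & 0077)) -ne 0 ]; then
        echo "WARN $1: group/other can list or read dumps"
        return 1
    fi
    echo "OK $1: owner-only"
    return 0
}

# Compress stdin into <dir>/<name>.sql.gz. The file is created 0600 and renamed
# into place only after a complete write. In production stdin is mysqldump output.
write_dump() {
    (
        umask 077
        tmp="$1/.$2.tmp.$$"
        gzip -c > "$tmp" && mv "$tmp" "$1/$2.sql.gz"
    )
}
```

Owner-only access under `nobody` still leaves the dumps readable by any other script that runs as `nobody` on the same server, so the audit passing says nothing about other sites hosted under the same Apache account.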