Delegating backups

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
RichardRussell
Registered User
Posts: 5
Joined: Sat Mar 28, 2020 6:05 pm

Delegating backups

Post by RichardRussell »

I take a 'hands off' approach to a forum which I own (i.e. of which I am the founder) and delegate all admin roles to others, including backups. This worked fine when I was running phpBB 3.2.2 but I have recently upgraded to 3.3.0 and the option to download backups has been removed from the ACP. I understand the stated reasons for this, but my co-admins do not have access to the store/ directory in order to download the backup.

I cannot be alone in wanting to delegate the backup role, so what is the best solution to this? Is there some way I can configure my server to grant my admin(s) read access to store/? Even if they can be granted such access, how would they know what file to download (it would presumably be highly undesirable also to grant list-directory access)?

I do not want to create a new security loophole simply because phpBB has closed one!
User avatar
janus_zonstraal
Registered User
Posts: 4898
Joined: Sat Aug 30, 2014 1:30 pm

Re: Delegating backups

Post by janus_zonstraal »

Why do they have to download a backup?
I think they are save on the server.
Sorry! My English is bat ;) !!!
Cubguy501
Registered User
Posts: 138
Joined: Mon Feb 07, 2011 8:39 pm

Re: Delegating backups

Post by Cubguy501 »

You may be able to setup another ftp account on your host that only has access to the /store directory, set up a login and password for them.
You cannot go back a level in ftp. so they would have no access to the rest of the files and folders

as far as knowing which to download... just look for the time and date stamp!
User avatar
warmweer
Jr. Extension Validator
Posts: 5864
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Delegating backups

Post by warmweer »

RichardRussell wrote:
Sat Mar 28, 2020 6:28 pm
I understand the stated reasons for this, but my co-admins do not have access to the store/ directory in order to download the backup.
Why would they need to download a backup? Backups are stored in the /store (what's in a name ;) ).
If they can restore a backup, the phpBB backup/restore GUI allows easy identification of which backup to restore anyway. (timedate, which is easier that the name phpBB creates).

Anway, doesn't your host account have an option to create another FTP user which you can configure (restrict access to certain directories and grant read and or write permissions)? I have with my host. To be honest, I read about it, but haven't used the feature.

Added:
hmm Cubguy501 beat me to it (by a mile)
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
RichardRussell
Registered User
Posts: 5
Joined: Sat Mar 28, 2020 6:05 pm

Re: Delegating backups

Post by RichardRussell »

warmweer wrote:
Sat Mar 28, 2020 9:44 pm
Why would they need to download a backup? Backups are stored in the /store
I have no idea how effectively my hosting company backs up their server. Anyway what would happen if they went bust and closed down at short notice, what certainty would there be that I could access the forum backups then? Perhaps I'm being unnecessarily cautious, but up to now I have always kept a separate copy of everything important.
Anway, doesn't your host account have an option to create another FTP user which you can configure
I don't know, it's not something I have ever needed to investigate until now. I just wish that phpBB gave the forum's owner the choice of whether to allow backup downloads or not, perhaps by an install time switch. I'm never keen on the removal of a potentially useful feature on the grounds that 'we know better'.
User avatar
warmweer
Jr. Extension Validator
Posts: 5864
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Delegating backups

Post by warmweer »

RichardRussell wrote:
Sat Mar 28, 2020 10:58 pm
I have no idea how effectively my hosting company backs up their server. Anyway what would happen if they went bust and closed down at short notice, what certainty would there be that I could access the forum backups then? Perhaps I'm being unnecessarily cautious, but up to now I have always kept a separate copy of everything important.
Well?, it's the founder's responsibility to keep a copy of the backups in a safer place if he feels that's necessary. This applies not only to database backups but also to files (which could have edits) uploaded attachments, images, etc..
If you don't trust the host with backups, either change host or download the backups at regular intervals.
RichardRussell wrote:
Sat Mar 28, 2020 10:58 pm
I don't know, it's not something I have ever needed to investigate until now. I just wish that phpBB gave the forum's owner the choice of whether to allow backup downloads or not, perhaps by an install time switch. I'm never keen on the removal of a potentially useful feature on the grounds that 'we know better'.
The owner has a choice by granting FTP download permissions via the hosting account. If that feature isn't present, it's the decision of the host and the "we know better" still applies.
Personally I'ld also want to be able to download a backup directly but it's a non-issue to me.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
Dr.Death
Registered User
Posts: 400
Joined: Fri Apr 25, 2003 10:04 am
Location: Germany
Contact:

Re: Delegating backups

Post by Dr.Death »

In the IT world there is not only one dedicated backup agent, but often a whole IT department.

And as a part of the IT department there is a backup department that is responsible for nothing else as creating, managing and performing backup and restore jobs.

It would be fatal if only ONE person is authorized to manage these tasks.
Doc.
RichardRussell
Registered User
Posts: 5
Joined: Sat Mar 28, 2020 6:05 pm

Re: Delegating backups

Post by RichardRussell »

John connor wrote:
Sun Mar 29, 2020 10:02 am
Why are you delegating backups anyway? If you own the site, you should be the sole proprietor and only YOU should have the backups.
That's crazy. I might get sick, I might be on a long vacation, I might get run over by a bus - lots of things can happen that would prevent me performing that role, and in none of those situations do I want my forum to cease being backed up.
So as the owner of the website you should be the only one with the backup ability. I'd stay far away from backup delegation and only have one set of keys for yourself.
My priorities are very different from yours. I know that I am personally vulnerable (for example I have chronic health problems) so my main concern is to ensure that the forum can continue functioning, being backed up etc., even if I'm unable to do it myself. Security is important, but not enough to outweigh those considerations.

I have confirmed that I can create an FTP account with limited access, which would allow an admin to download a backup from store/. It's not as convenient as the original method, but it is an acceptable workaround. Thanks for all the suggestions.
User avatar
warmweer
Jr. Extension Validator
Posts: 5864
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Delegating backups

Post by warmweer »

RichardRussell wrote:
Sun Mar 29, 2020 11:39 am
That's crazy. I might get sick, I might be on a long vacation, I might get run over by a bus - lots of things can happen that would prevent me performing that role, and in none of those situations do I want my forum to cease being backed up.
Honestly, if that's a concern - the database backup alone isn't sufficient.
The phpBB files could have been edited.
Styles or extensions may be not freely available.
What about attachments, and uploaded files/images?
If your concern is that you could be unable to administer the whole site (that includes the host aspect) then the database backup isn't sufficient and you would need a backup host account owner. That in itself also implies that your complete site can be copied. (you wouldn't be the first victim).
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
RichardRussell
Registered User
Posts: 5
Joined: Sat Mar 28, 2020 6:05 pm

Re: Delegating backups

Post by RichardRussell »

warmweer wrote:
Sun Mar 29, 2020 11:58 am
you would need a backup host account owner.
Talk about mixed messages! One response says that I shouldn't share anything with anybody else, another that I should share every aspect of host management with somebody else!

As it happens pretty much my entire site is mirrored at a different host, so I'm protected against even the worst disasters by telling people to visit the other URL instead. The forum is the only part that isn't mirrored, it's also the only part that changes significantly from day to day, so my judgment is that its administration needs to be delegated whereas management of the rest doesn't.
User avatar
janus_zonstraal
Registered User
Posts: 4898
Joined: Sat Aug 30, 2014 1:30 pm

Re: Delegating backups

Post by janus_zonstraal »

That's crazy. I might get sick, I might be on a long vacation, I might get run over by a bus - lots of things can happen that would prevent me performing that role, and in none of those situations do I want my forum to cease being backed up.
In this cases you have to give someone full access to your server.
But that isn't very wise if you want this
I do not want to create a new security loophole simply because phpBB has closed one!
So you and only you has to made a decisión what you want.
Sorry! My English is bat ;) !!!
User avatar
Lumpy Burgertushie
Registered User
Posts: 68303
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Delegating backups

Post by Lumpy Burgertushie »

it is doubtful that phpbb is going to change this back. therefore, you have to figure out a way to do it.
one way is to find a separate backup program and set it up on your server.
give your admins access to this program so they can use it to do the backups.

don't have any suggestions about what program, but https://duckduckgo.com is your friend.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
warmweer
Jr. Extension Validator
Posts: 5864
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Delegating backups

Post by warmweer »

RichardRussell wrote:
Sun Mar 29, 2020 12:50 pm
Talk about mixed messages! One response says that I shouldn't share anything with anybody else, another that I should share every aspect of host management with somebody else!

As it happens pretty much my entire site is mirrored at a different host, so I'm protected against even the worst disasters by telling people to visit the other URL instead. The forum is the only part that isn't mirrored, it's also the only part that changes significantly from day to day, so my judgment is that its administration needs to be delegated whereas management of the rest doesn't.
There nothing mixed about my message. I'm stating the facts. Even with the older versions of phpBB where you could give database backup permissions which included downloading, It wouldn't solve the issue you raised (if falling ill and the consequences). And being able to download the backup isn't necessary at all in order to restore it.

But now you've given extra information: namely that your site is mirrored. On the other hand you say the forum isn't mirrored so I fail to see why someone else needs to be able to download a database backup.

The clarity of an answer is usually related to the clarity of the question asked.

BTW : no one is advising you to share every aspect of host management with somebody else. I just pointed out that a database backup isn't all you need in order to restore your board. You are the one who decides on the fallback system in case something goes haywire. If you have a better failsafe system, by all means use it. But the way I see it, a special FTP account allowing nothing more than downloading the database backups fulfills the requirements you initially set.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
RichardRussell
Registered User
Posts: 5
Joined: Sat Mar 28, 2020 6:05 pm

Re: Delegating backups

Post by RichardRussell »

warmweer wrote:
Sun Mar 29, 2020 2:44 pm
I fail to see why someone else needs to be able to download a database backup.
I explained that. It's to protect against the hosting service 'disappearing' (e.g. suddenly going out of business) and the online backups thus becoming inaccessible. If the backup has been downloaded by an admin, to whom that role has been delegated, he could reconstitute the forum elsewhere without any input from me.
User avatar
david63
Registered User
Posts: 18591
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Delegating backups

Post by david63 »

RichardRussell wrote:
Sun Mar 29, 2020 2:58 pm
he could reconstitute the forum elsewhere without any input from me.
Not without a backup of the other files.

This would all seem to be solved a lot easier if some external backup regime was created.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
Post Reply

Return to “[3.3.x] Support Forum”