Permission for /home/asterisk/backup/backup_id.rsa changes to 644 after each system update

I use backup module for automatic backups which fails to backup some time after I manually set the permission of /home/asterisk/backup/backup_id.rsa to 400. Just so I make it clear - backups work initially and I believe they work for as long as the permission for the above mentioned key stay put.
I figured it is updating different modules and restarting the asterisk that is the trigger for starting to see the failed to backup notifications. Upon digging into the permission for the above mentioned private key, I found it got changed to 644 and the backup module does not proceed with the backup due to ā€œprivate key permissions being too openā€.
If I change to 400 - the backups start working. Then a few weeks later the situation repeats itself.
Hereā€™s the message:

February 3, 2019, 12:00 am - Backup Lock acquired!
February 3, 2019, 12:00 am - Running pre-backup hooksā€¦
February 3, 2019, 12:00 am - Adding itemsā€¦
February 3, 2019, 12:02 am - Building manifestā€¦
February 3, 2019, 12:02 am - Creating backupā€¦
February 3, 2019, 12:04 am - Storing backupā€¦
February 3, 2019, 12:04 am - SSH Error (255) - Received [] from /usr/bin/ssh -o StrictHostKeyChecking=no -i /home/asterisk/backup/backup_id.rsa -l freepbx 192.168.XX.YY -p 22 ā€˜mkdir -p /u01/samba/FreePBX_Backup/Full_backupā€™
February 3, 2019, 12:04 am - SCP Error (1) - Received [] from /usr/bin/scp -o StrictHostKeyChecking=no -i /home/asterisk/backup/backup_id.rsa -P 22 /var/spool/asterisk/tmp/20190203-000007-1549170007-14.0.5.25-1239058436.tgz [email protected]:/u01/samba/FreePBX_Backup/Full_backup
February 3, 2019, 12:04 am - Running post-backup hooksā€¦
February 3, 2019, 12:04 am - Backup completed with errors!

Where could be the issue?

The default permissions in chown are 644.
Please file a ticket at https://issues.freepbx.org

In the meantime:
https://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
/etc/asterisk/freepbx_chown.conf

[custom]
file = /home/asterisk/backup/backup_id.rsa ,0400,asterisk,asterisk
2 Likes

Thank you jfinstrom,
It looks like the read-only permission is now resilient to restarts.
The backup is finishes with success after several module upgrades.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.