FreePBX | Register | Issues | Wiki | Portal | Support

Permission for /home/asterisk/backup/backup_id.rsa changes to 644 after each system update


(Vladyslav Ovcharenko) #1

I use backup module for automatic backups which fails to backup some time after I manually set the permission of /home/asterisk/backup/backup_id.rsa to 400. Just so I make it clear - backups work initially and I believe they work for as long as the permission for the above mentioned key stay put.
I figured it is updating different modules and restarting the asterisk that is the trigger for starting to see the failed to backup notifications. Upon digging into the permission for the above mentioned private key, I found it got changed to 644 and the backup module does not proceed with the backup due to “private key permissions being too open”.
If I change to 400 - the backups start working. Then a few weeks later the situation repeats itself.
Here’s the message:

February 3, 2019, 12:00 am - Backup Lock acquired!
February 3, 2019, 12:00 am - Running pre-backup hooks…
February 3, 2019, 12:00 am - Adding items…
February 3, 2019, 12:02 am - Building manifest…
February 3, 2019, 12:02 am - Creating backup…
February 3, 2019, 12:04 am - Storing backup…
February 3, 2019, 12:04 am - SSH Error (255) - Received [] from /usr/bin/ssh -o StrictHostKeyChecking=no -i /home/asterisk/backup/backup_id.rsa -l freepbx 192.168.XX.YY -p 22 ‘mkdir -p /u01/samba/FreePBX_Backup/Full_backup’
February 3, 2019, 12:04 am - SCP Error (1) - Received [] from /usr/bin/scp -o StrictHostKeyChecking=no -i /home/asterisk/backup/backup_id.rsa -P 22 /var/spool/asterisk/tmp/20190203-000007-1549170007-14.0.5.25-1239058436.tgz freepbx@192.168.XX.YY:/u01/samba/FreePBX_Backup/Full_backup
February 3, 2019, 12:04 am - Running post-backup hooks…
February 3, 2019, 12:04 am - Backup completed with errors!

Where could be the issue?


(TheJames) #2

The default permissions in chown are 644.
Please file a ticket at https://issues.freepbx.org

In the meantime:
https://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
/etc/asterisk/freepbx_chown.conf

[custom]
file = /home/asterisk/backup/backup_id.rsa ,0400,asterisk,asterisk

(Vladyslav Ovcharenko) #3

Thank you jfinstrom,
It looks like the read-only permission is now resilient to restarts.
The backup is finishes with success after several module upgrades.


(system) closed #4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.