bbcb1d784b
This patch builds on work by Lars Wirzenius for the Koha packages.

To date, the only way for a Koha librarian to obtain a complete backup of their system has been to log into the system via SSH (or FTP) to download the mysqldump file. This patch makes it possible for superlibrarians in properly configured systems to download night backups via the staff client's Export tool.

Recognizing that this is functionality with potentially very grave security implications, system administrators must manually enable these features in the koha-conf.xml configuration file.

The following configuration settings have been added to the koha-conf.xml file:
* backupdir => directory where backups should be stored.
* backup_db_via_tools => whether to allow superlibrarians to download database backups via the Export tool. The default is disabled, and there is no way -- by design -- to enable this option without manually editing koha-conf.xml.
* backup_conf_via_tools => whether to allow superlibrarians to download configuration backups via the Export tool (this may be applicable to packages only). The default is disabled, and there is no way -- by design -- to enable this option without manually editing koha-conf.xml.

This commit modifies the following scripts to make use of the new backupdir configuration option:
* koha-dump and koha-run-backups in the Debian packages
* The sample backup script misc/cronjobs/backup.sh

Note that for security reasons, superlibrarians will not be allowed to download files that are not owned by the web server's effective user. This imposes a de facto dependency on ITK (for Apache) or running the web server as the Koha user (as is done with Plack).

To test:
1. Apply patch.
2. Go to export page as a superlibrarian. Notice that no additional export options appear because they have not been enabled.
3. Add <backupdir>$KOHADEV/var/spool</backupdir> to the <config> section of your koha-conf.xml (note that you will need to adjust that so that it is pointing at a logical directory).
4. Create the aforementioned directory.
5. Go to export page as a superlibrarian. Notice that no additional export options appear because they have not been enabled.
6. Add <backup_db_via_tools>1</backup_db_via_tools> to the <config> section of your koha-conf.xml
7. Go to the export page as a superlibrarian. Notice the new tab.
8. Go to the export page as a non-superlibrarian. Notice there is no new tab.
9. Run: mysqldump -u koha -p koha | gzip > $BACKUPDIR/backup.sql.gz (substituting appropriate user, password, and database name)
10. Go to the export page as a superlibrarian, and look at the "Export database" tab. If you are running the web server as your Koha user, and ran the above command as your Koha user, you should now see the file listed as an option for download.
11. If you *did* see the file listed, change the ownership to something else: sudo chown root:root $BACKUPDIR/backup.sql.gz
11a. Confirm that you no longer see the file listed when you look at the "Export database" tab.
12. Change the ownership on the file to your web server (or Koha) user: sudo chown www-data:www-data backup.sql.gz
13. Go to the export page as a superlibrarian, and look at the "Export database" tab. You should now see backup.sql.gz listed.
14. Choose to download backup.sql.gz
15. Confirm that the downloaded file is what you were expecting.

If you are interested, you can repeat the above steps but replace <backup_db_via_tools> with <backup_conf_via_tools>, and instead of creating an sql file, create a tar file.

To test packaging: run koha-dump, confirm that it still creates a usable backup.

------

This signoff contains two changes:

10-1. If no backup/conf files were present, then the message telling you so doesn't appear and the download button does. Made them behave correctly.

10-2. The test for a file existing required it to be owned by the webserver UID. This change makes it so it only has to be readable.

Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
297 lines
12 KiB
XML
<yazgfs>
<!-- [scheme:]host[:port][/databaseName] -->
<!-- scheme: tcp, ssl, unix, http, sru -->
<!-- can run all servers on tcp, but the unix socket is faster -->

<listen id="biblioserver" >unix:__ZEBRA_RUN_DIR__/bibliosocket</listen>
<listen id="authorityserver" >unix:__ZEBRA_RUN_DIR__/authoritysocket</listen>
<!-- uncomment these lines and comment out the above if running on MSWin32 -->
<!--
<listen id="biblioserver" >tcp:localhost:9998/bibliosocket</listen>
<listen id="authorityserver" >tcp:localhost:9999/authoritysocket</listen>
-->

<!-- Uncomment the following entry if you want to run the public Z39.50 server.
    Also uncomment the <server> and <serverinfo> sections for id 'publicserver'
    under PUBLICSERVER'S BIBLIOGRAPHIC RECORDS title-->
<!--
<listen id="publicserver" >tcp:@:__ZEBRA_SRU_BIBLIOS_PORT__</listen>
-->

<!-- Settings for special biblio server instance for PazPar2.
    Because PazPar2 only connects to a Z39.50 server using TCP/IP,
    it cannot use the Unix-domain socket that biblioserver uses.
    Therefore, a custom server is defined. -->
__PAZPAR2_TOGGLE_XML_PRE__
<listen id="mergeserver">tcp:@:__MERGE_SERVER_PORT__</listen>
<server id="mergeserver" listenref="mergeserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
</server>
__PAZPAR2_TOGGLE_XML_POST__

<!-- BIBLIOGRAPHIC RECORDS -->
<server id="biblioserver" listenref="biblioserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__BIB_RETRIEVAL_CFG__"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <retrievalinfo>
                <retrieval syntax="usmarc" name="F"/>
                <retrieval syntax="usmarc" name="B"/>
                <retrieval syntax="xml" name="F"/>
                <retrieval syntax="xml" name="B"/>
                <retrieval syntax="xml" name="marcxml"
                           identifier="info:srw/schema/1/marcxml-v1.1">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="dc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2DC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="mods">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2MODS.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rdfdc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rss2">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2RSS2.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="utils">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slimUtils.xsl"/>
                    </backend>
                </retrieval>
            </retrievalinfo>
        </xi:fallback>
    </xi:include>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-biblios.xml"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <explain xmlns="http://explain.z3950.org/dtd/2.0/">
                <serverInfo>
                    <host>__ZEBRA_SRU_HOST__</host>
                    <port>__ZEBRA_SRU_BIBLIOS_PORT__</port>
                    <database>biblios</database>
                </serverInfo>
            </explain>
        </xi:fallback>
    </xi:include>
</server>
<serverinfo id="biblioserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>

<!-- AUTHORITY RECORDS -->
<server id="authorityserver" listenref="authorityserver" >
    <directory>__ZEBRA_DATA_DIR__/authorities</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_AUTH_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <!-- <docpath>xsl</docpath> -->
    <!-- <stylesheet>xsl/default.xsl</stylesheet> -->
    <!-- <maximumrecordsize>2000000</maximumrecordsize> -->
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__AUTH_RETRIEVAL_CFG__"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <retrievalinfo>
                <retrieval syntax="usmarc" name="F"/>
                <retrieval syntax="usmarc" name="B"/>
                <retrieval syntax="xml" name="marcxml"
                           identifier="info:srw/schema/1/marcxml-v1.1">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="dc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2DC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="mods">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2MODS.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rdfdc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="utils">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slimUtils.xsl"/>
                    </backend>
                </retrieval>
            </retrievalinfo>
        </xi:fallback>
    </xi:include>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-authorities.xml"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <explain xmlns="http://explain.z3950.org/dtd/2.0/">
                <serverInfo>
                    <host>__ZEBRA_SRU_HOST__</host>
                    <port>__ZEBRA_SRU_AUTHORITIES_PORT__</port>
                    <database>authorities</database>
                </serverInfo>
            </explain>
        </xi:fallback>
    </xi:include>
</server>
<serverinfo id="authorityserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>

<!-- PUBLICSERVER'S BIBLIOGRAPHIC RECORDS -->
<!--
<server id="publicserver" listenref="publicserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__AUTH_RETRIEVAL_CFG__"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <retrievalinfo>
                <retrieval syntax="usmarc" name="F"/>
                <retrieval syntax="usmarc" name="B"/>
                <retrieval syntax="xml" name="F"/>
                <retrieval syntax="xml" name="B"/>
                <retrieval syntax="xml" name="marcxml"
                           identifier="info:srw/schema/1/marcxml-v1.1">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="dc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2DC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="mods">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2MODS.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rdfdc">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2RDFDC.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="rss2">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slim2RSS2.xsl"/>
                    </backend>
                </retrieval>
                <retrieval syntax="xml" name="utils">
                    <backend syntax="usmarc" name="F">
                        <marc inputformat="marc" outputformat="marcxml"
                              inputcharset="utf-8"/>
                        <xslt stylesheet="__INTRANET_TMPL_DIR__/prog/en/xslt/MARC21slimUtils.xsl"/>
                    </backend>
                </retrieval>
            </retrievalinfo>
        </xi:fallback>
    </xi:include>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-biblios.xml"
                xmlns:xi="http://www.w3.org/2001/XInclude">
        <xi:fallback>
            <explain xmlns="http://explain.z3950.org/dtd/2.0/">
                <serverInfo>
                    <host>__ZEBRA_SRU_HOST__</host>
                    <port>__ZEBRA_SRU_BIBLIOS_PORT__</port>
                    <database>biblios</database>
                </serverInfo>
            </explain>
        </xi:fallback>
    </xi:include>
</server>
<serverinfo id="publicserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>
-->

<!-- ADDITIONAL KOHA CONFIGURATION DIRECTIVE -->
<!-- db_scheme should follow the DBD driver name -->
<!-- port info: mysql:3306 Pg:5432 (5433 on Debian) -->
<config>
    <db_scheme>__DB_TYPE__</db_scheme>
    <database>__DB_NAME__</database>
    <hostname>__DB_HOST__</hostname>
    <port>__DB_PORT__</port>
    <user>__DB_USER__</user>
    <pass>__DB_PASS__</pass>
    <biblioserver>biblios</biblioserver>
    <biblioservershadow>1</biblioservershadow>
    <authorityserver>authorities</authorityserver>
    <authorityservershadow>1</authorityservershadow>
    <intranetdir>__INTRANET_CGI_DIR__</intranetdir>
    <opacdir>__OPAC_CGI_DIR__/opac</opacdir>
    <opachtdocs>__OPAC_TMPL_DIR__</opachtdocs>
    <intrahtdocs>__INTRANET_TMPL_DIR__</intrahtdocs>
    <includes>__INTRANET_TMPL_DIR__/prog/en/includes/</includes>
    <logdir>__LOG_DIR__</logdir>
    <backupdir>__BACKUP_DIR__</backupdir>
    <!-- Enable the two following to allow superlibrarians to download
         database and configuration dumps (respectively) from the Export
         tool -->
    <backup_db_via_tools>0</backup_db_via_tools>
    <backup_conf_via_tools>0</backup_conf_via_tools>
    <pazpar2url>http://__PAZPAR2_HOST__:__PAZPAR2_PORT__/search.pz2</pazpar2url>
    <install_log>__MISC_DIR__/koha-install-log</install_log>
    <useldapserver>0</useldapserver><!-- see C4::Auth_with_ldap for extra configs you must add if you want to turn this on -->
    <zebra_bib_index_mode>__BIB_INDEX_MODE__</zebra_bib_index_mode>
    <zebra_auth_index_mode>__AUTH_INDEX_MODE__</zebra_auth_index_mode>
</config>
</yazgfs>
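The commit message describes two different eligibility rules for files in backupdir: owned by the web server's effective user (original patch) and merely readable (the signoff). The following audit sketch is an added example, not Koha's code; it reads the three settings from a koha-conf.xml and shows which files each rule would offer. The function names, the sample configuration and the symlink check are assumptions made for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: a minimal koha-conf.xml with database download enabled.
SAMPLE_CONF = """<yazgfs><config>
  <backupdir>{backupdir}</backupdir>
  <backup_db_via_tools>1</backup_db_via_tools>
  <backup_conf_via_tools>0</backup_conf_via_tools>
</config></yazgfs>"""

def read_backup_settings(conf_xml):
    """Return backupdir and both download switches; a missing switch counts as disabled."""
    cfg = ET.fromstring(conf_xml).find("config")
    flag = lambda name: (cfg.findtext(name) or "0").strip() == "1"
    return {"backupdir": (cfg.findtext("backupdir") or "").strip(),
            "db": flag("backup_db_via_tools"), "conf": flag("backup_conf_via_tools")}

def audit_backupdir(backupdir, web_uid):
    """Classify each entry in backupdir under the two rules from the commit message."""
    report = {}
    for name in sorted(os.listdir(backupdir)):
        path = os.path.join(backupdir, name)
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
        regular = stat.S_ISREG(st.st_mode)
        report[name] = {
            "regular_file": regular,
            # Original rule: owned by the web server's effective user.
            "owner_rule": regular and st.st_uid == web_uid,
            # Signed-off rule: only has to be readable by this process.
            "readable_rule": regular and os.access(path, os.R_OK),
            "world_readable": bool(st.st_mode & stat.S_IROTH),
        }
    return report

def demo():
    """Audit a throwaway backupdir as the current user and as a foreign uid."""
    with tempfile.TemporaryDirectory() as d:
        dump = os.path.join(d, "backup.sql.gz")
        with open(dump, "wb") as fh:
            fh.write(b"constructed placeholder, not a real dump")
        os.chmod(dump, 0o640)
        os.symlink("/etc/hostname", os.path.join(d, "link.sql.gz"))
        settings = read_backup_settings(SAMPLE_CONF.format(backupdir=d))
        me = os.geteuid()
        return settings, audit_backupdir(d, me), audit_backupdir(d, me + 1)

if __name__ == "__main__":
    print(demo())
```

Run it as the web server's user so that `os.access` reflects what that account can read; under the readable rule, directory and file permissions on backupdir are the only remaining barrier.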