Be aware that there are a number of subtleties with set -e – see http://mywiki.wooledge.org/BashFAQ/105 for some examples. As demonstrated toward the bottom of that page, some regard these subtleties as reasons to avoid set -e; others don’t. I’m in the latter camp, personally (i.e. I usually use it), but it’s not quite as simple and awesome as it might look at first.
I use rsync to do backups to a drive mounted via smb. How else would you do it? Despite the name rsync is very useful when working “locally” on mounted things.
True enough - in this specific case my NAS is set up for smb already and it’s good enough that I don’t feel the need to try to set up rsync access if that’s even an option.
Just because something is mounted on the filesystem read-only doesn’t mean you can’t write to it without using the filesystem; it means that malicious scripts can’t traverse that filesystem boundary to delete all your backups.
Sure you can write via not-the-filesystem, such as by rsyncing to a server that you mount read-only from. I don’t see how LVM fits in though - if you’re talking about LVM snapshots you’re talking about having them locally, surely?
I’m no bash expert, but obviously the strings should have been checked first. I saw an assert library for bash the other day which could be another goood solution.
And/or trolled stack exchange.
Or perhaps “guerrilla marketing operation”.
Indeed.. Turned out to be a hoax.
http://www.pcworld.com/article/3057235/data-center-cloud/that-man-who-deleted-his-entire-company-with-a-line-of-code-it-was-a-hoax.html
[Comment removed by author]
I thought it was Ansible variable syntax. But you’re probably right, and it looks as though Server Fault agrees.
[Comment removed by author]
In bash,
set -o errexitcauses the script to exit if any command fails. As well,set -o nounsetprevents unset variables from expanding to nothing.[Comment removed by author]
Bash strict mode:
Additionally, install and run
shellcheckon every bash script you write, and fix all the warnings.Wow. I didn’t know about
pipefail– that’s really useful.these are very helpful, thanks! I was only aware of
set -eBe aware that there are a number of subtleties with
set -e– see http://mywiki.wooledge.org/BashFAQ/105 for some examples. As demonstrated toward the bottom of that page, some regard these subtleties as reasons to avoidset -e; others don’t. I’m in the latter camp, personally (i.e. I usually use it), but it’s not quite as simple and awesome as it might look at first.I think the real solution here is to use a real programming language even for your one-off throwaway scripts.
was the culprit apparently - wasn’t that the code that steam used to delete its users?
More importantly where is his backups?
he said his backups were mounted, despite saying he also uses rsync
I use rsync to do backups to a drive mounted via smb. How else would you do it? Despite the name rsync is very useful when working “locally” on mounted things.
The rsync protocol is likely to be much more efficient for that use.
True enough - in this specific case my NAS is set up for smb already and it’s good enough that I don’t feel the need to try to set up rsync access if that’s even an option.
rsync over ssh
LVM snapshots, mounted read-only. You can then backup the read-only directory using rsync (push), instead of mounting a remote server read-write.
I don’t understand. The place where you’re writing the backup has to be writeable, because you’re… writing it. No?
Just because something is mounted on the filesystem read-only doesn’t mean you can’t write to it without using the filesystem; it means that malicious scripts can’t traverse that filesystem boundary to delete all your backups.
Sure you can write via not-the-filesystem, such as by rsyncing to a server that you mount read-only from. I don’t see how LVM fits in though - if you’re talking about LVM snapshots you’re talking about having them locally, surely?
Lets be honest, this is shocking because it could happen to any one of us in the right circumstances. Where’s Devops Borat…
Patch Ansible to throw an error for undefined/null varianles?
https://mobile.twitter.com/devops_borat/status/41587168870797312
Heavy ansible user here. The default is to fail for undefined variables. He must have had them set to empty strings.
I’m no bash expert, but obviously the strings should have been checked first. I saw an assert library for bash the other day which could be another goood solution.
Heh. Ansible.