WTF!!?? upgradepkg httpd deleted all my websites!
I thought I got hacked, but it happened immediately after I ran upgradepkg httpd-2.4.25-x86_64-1_slack14.2.txz
After running the command and trying to restart apache I got an error telling me that: Code:
AH00112: Warning: DocumentRoot [/srv/httpd/htdocs] does not exist I checked the logs and confirmed that the error started happening only after I did the upgrade. I was confused as hell. All my websites from /srv/httpd were gone, completely. I had in /drv/httpd/htdocs: Code:
cgi-bin/ error/ htdocs/ htdocs-cot/ htdocs-dab/ htdocs-dab-redirect/ htdocs-vp/ icons/ Code:
root@littlesvr:/srv/httpd# ls -la /srv/httpd/ After scratching my head for a while I looked at doinst.sh in the .txz file and found this in the end: Code:
( cd srv ; rm -rf httpd ) Luckily i just realized most of my content is in sql and I don't think I've made any major changes in htdocs since the last full backup. So I'll survive this. But man, this sucks so much. |
if you look above in the doinst.sh there's also this block
Code:
# Don't wipe out an existing document root: |
A bit further up in the doinst.sh is
Code:
# Don't wipe out an existing document root: edit: Just tested mv'ing a mount point which was in use and get Code:
# mv mp3/ mp3.bak |
I would advise the OP to consider moving the mount-point "upwards" to /srv/ instead of /srv/httpd/ for various reasons this discovered [BUG] included?
not much will be lost, and some will be gained? |
I have other things in srv as well but I'll rename srv/httpd to something different.
|
What about switching the mount point to /var/www/? By default, /srv/httpd/ is just a symlink to /var/www/ anyway.
|
After this experience I will do my best to avoid any standard directories for content. /var/www would have been deleted exactly the same way.
I moved it to /srv/httpd2. Unfortunately /srv/httpd was used in many places in several configuration files, some of which I've never touched before. But again - I'd rather risk breaking apache than risk losing my content. |
Quote:
|
Quote:
|
Quote:
Avoid using default paths for data of value- default paths are targets for all sorts of malevolent software. Or recent experience shows, of bugs also: Preferably, use paths that, while make sense, cannot be assumed nor guessed? I try hard to co-locate all my valuable data behind /home/ as ftp is doing, FWIW. So I usually only backup /home and /etc . |
Quote:
Quote:
|
An afterthought:
where You anticipating any harm to your data; You could just unmount it before the (any) upgrade? That could be an strategy too, provided You run the upgrade offline. The late developments (of events) however seem to encourage people to run servers "virtually": One is to upgrades one "offline" copy and then just swaps what's running online. The data (payload) and the server (towing-truck) are kept in opposing realms of "reality": *- Servers are VMs (trivial to switch back and forth update wise) *- Data is either (remote) service or partition/share (preferably off the VM host) The technique is referred as "destiny separation" in some translations. FWIW. |
Yep, all good points, except in this case if I had my remote data mounted on /srv/httpd - the apache security update would have deleted my remote data too.
Horrible! |
Well it is an unlucky bug, if there are any lucky bugs ;)
|
Quote:
But, I agree with af7567, this is a bug that should be fixed. Have you considered emailing Pat in case he hasn't noticed this thread? |
All times are GMT -5. The time now is 05:21 AM. |