From dd4a6d3f0d73aa6840c82c23b2c5155e07203d8f Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 11:24:49 +0100 Subject: [PATCH 1/6] improved restore warning for critical directories --- restic-backup.sh | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/restic-backup.sh b/restic-backup.sh index d600059..38f488d 100644 --- a/restic-backup.sh +++ b/restic-backup.sh @@ -1,14 +1,14 @@ #!/usr/bin/env bash # ================================================================= -# Restic Backup Script v0.38 - 2025.10.04 +# Restic Backup Script v0.38.1 - 2025.10.05 # ================================================================= set -euo pipefail umask 077 # --- Script Constants --- -SCRIPT_VERSION="0.38" +SCRIPT_VERSION="0.38.1" SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) CONFIG_FILE="${SCRIPT_DIR}/restic-backup.conf" LOCK_FILE="/tmp/restic-backup.lock" @@ -1272,12 +1272,25 @@ run_restore() { echo -e "${C_RED}Error: Must be a non-empty, absolute path. Aborting.${C_RESET}" >&2 return 0 fi - if [[ "$restore_dest" == "/" || "$restore_dest" == "/etc" || "$restore_dest" == "/usr" ]]; then - read -p "${C_RED}WARNING: You are restoring to a critical system directory ('$restore_dest')${C_RESET}. This is highly unusual and could damage your system. Are you absolutely sure? (y/n): " confirm_dangerous_restore - if [[ "${confirm_dangerous_restore,,}" != "y" ]]; then - echo "Restore cancelled." + #--- Dangerous Restore Confirmation --- + local -a critical_dirs=("/" "/bin" "/boot" "/dev" "/etc" "/lib" "/lib64" "/proc" "/root" "/run" "/sbin" "/sys" "/usr" "/var/lib" "/var/log") + local is_critical=false + for dir in "${critical_dirs[@]}"; do + if [[ "$restore_dest" == "$dir" || "$restore_dest" == "$dir"/* ]]; then + is_critical=true + break + fi + done + if [[ "$is_critical" == "true" ]]; then + echo -e "\n${C_RED}${C_BOLD}WARNING: Restoring to critical system directory '$restore_dest'${C_RESET}" + echo -e "${C_RED}This could damage your system or make it unbootable!${C_RESET}" + local confirm + read -p "${C_YELLOW}Type 'DANGEROUS' to proceed or anything else to cancel: ${C_RESET}" confirm + if [[ "$confirm" != "DANGEROUS" ]]; then + echo -e "${C_GREEN}Restore cancelled for safety.${C_RESET}" return 0 fi + log_message "WARNING: User confirmed dangerous restore to: $restore_dest" fi local include_paths=() read -p "Optional: Enter specific file(s) to restore, separated by spaces (leave blank for full restore): " -a include_paths From b7717cc21e49d1000385b1319156ccb9d4acd439 Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 11:28:18 +0100 Subject: [PATCH 2/6] sha256 for v0.38.1 --- restic-backup.sh.sha256 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restic-backup.sh.sha256 b/restic-backup.sh.sha256 index ccf15ca..0aa5abd 100644 --- a/restic-backup.sh.sha256 +++ b/restic-backup.sh.sha256 @@ -1 +1 @@ -29187bd2e11bf39a3edb4012b618ff8d17e826023759ee15e49537663163093d restic-backup.sh +7ecd44381c82ff5d5540473fdf8b1e602a894b86da23f8b02a8e6a615cf4c1e0 restic-backup.sh From 7f87c778687bdc54ae9b193b6f5a5d61e36e7d5a Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 11:46:04 +0100 Subject: [PATCH 3/6] directories to the critical restore warning --- restic-backup.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/restic-backup.conf b/restic-backup.conf index 1726516..145f92b 100644 --- a/restic-backup.conf +++ b/restic-backup.conf @@ -18,6 +18,12 @@ RESTIC_CACHE_DIR="/var/cache/restic-backup" # Each full path should be a separate, quoted element inside the parentheses. BACKUP_SOURCES=("/home/user_files" "/home/user/my docs") +# --- Safety --- +# Add extra space-separated directories to the critical restore warning list. +# The script already protects core system paths like /etc, /usr, /var. +# Use this to add custom paths like /opt/my-app or /srv/database. +ADDITIONAL_CRITICAL_DIRS="" + # --- Backup Options --- # Backup tag to identify snapshots BACKUP_TAG="daily-$(hostname)" From 046ccce76b3a78c912d836ad1da1c9b7dae7ef0b Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 11:53:59 +0100 Subject: [PATCH 4/6] Add configurable critical directory protection for restores --- restic-backup.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/restic-backup.sh b/restic-backup.sh index 38f488d..5f717c9 100644 --- a/restic-backup.sh +++ b/restic-backup.sh @@ -1274,6 +1274,10 @@ run_restore() { fi #--- Dangerous Restore Confirmation --- local -a critical_dirs=("/" "/bin" "/boot" "/dev" "/etc" "/lib" "/lib64" "/proc" "/root" "/run" "/sbin" "/sys" "/usr" "/var/lib" "/var/log") + if [[ -n "${ADDITIONAL_CRITICAL_DIRS:-}" ]]; then + read -ra additional_dirs <<< "$ADDITIONAL_CRITICAL_DIRS" + critical_dirs+=("${additional_dirs[@]}") + fi local is_critical=false for dir in "${critical_dirs[@]}"; do if [[ "$restore_dest" == "$dir" || "$restore_dest" == "$dir"/* ]]; then From 75ea20365c16a5260397efbf1212628a42cd6459 Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 11:54:27 +0100 Subject: [PATCH 5/6] sha256 for v0.38.1 --- restic-backup.sh.sha256 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restic-backup.sh.sha256 b/restic-backup.sh.sha256 index 0aa5abd..78b3201 100644 --- a/restic-backup.sh.sha256 +++ b/restic-backup.sh.sha256 @@ -1 +1 @@ -7ecd44381c82ff5d5540473fdf8b1e602a894b86da23f8b02a8e6a615cf4c1e0 restic-backup.sh +e60064159bf9de1519b150b2cc550aaea356e54cefbbb74f65f6110e9d06fb02 restic-backup.sh From e5fed8141f20a76edbb3a1428b3e4ed6d1a0b5aa Mon Sep 17 00:00:00 2001 From: buildplan Date: Sun, 5 Oct 2025 12:05:51 +0100 Subject: [PATCH 6/6] example for adding critical dirs --- restic-backup.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/restic-backup.conf b/restic-backup.conf index 145f92b..99af6d4 100644 --- a/restic-backup.conf +++ b/restic-backup.conf @@ -22,6 +22,8 @@ BACKUP_SOURCES=("/home/user_files" "/home/user/my docs") # Add extra space-separated directories to the critical restore warning list. # The script already protects core system paths like /etc, /usr, /var. # Use this to add custom paths like /opt/my-app or /srv/database. +# Example: +# ADDITIONAL_CRITICAL_DIRS="/opt/app /srv/web /home/shared" ADDITIONAL_CRITICAL_DIRS="" # --- Backup Options ---