Restore warning

restic-backup.conf

@@ -18,6 +18,14 @@ RESTIC_CACHE_DIR="/var/cache/restic-backup"
 # Each full path should be a separate, quoted element inside the parentheses.
 BACKUP_SOURCES=("/home/user_files" "/home/user/my docs")
 
+# --- Safety ---
+# Add extra space-separated directories to the critical restore warning list.
+# The script already protects core system paths like /etc, /usr, /var.
+# Use this to add custom paths like /opt/my-app or /srv/database.
+# Example:
+#   ADDITIONAL_CRITICAL_DIRS="/opt/app /srv/web /home/shared"
+ADDITIONAL_CRITICAL_DIRS=""
+
 # --- Backup Options ---
 # Backup tag to identify snapshots
 BACKUP_TAG="daily-$(hostname)"

restic-backup.sh

@@ -1,14 +1,14 @@
 #!/usr/bin/env bash
 
 # =================================================================
-#         Restic Backup Script v0.38 - 2025.10.04
+#         Restic Backup Script v0.38.1 - 2025.10.05
 # =================================================================
 
 set -euo pipefail
 umask 077
 
 # --- Script Constants ---
-SCRIPT_VERSION="0.38"
+SCRIPT_VERSION="0.38.1"
 SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 CONFIG_FILE="${SCRIPT_DIR}/restic-backup.conf"
 LOCK_FILE="/tmp/restic-backup.lock"
@@ -1272,12 +1272,29 @@ run_restore() {
         echo -e "${C_RED}Error: Must be a non-empty, absolute path. Aborting.${C_RESET}" >&2
         return 0
     fi
-    if [[ "$restore_dest" == "/" || "$restore_dest" == "/etc" || "$restore_dest" == "/usr" ]]; then
-        read -p "${C_RED}WARNING: You are restoring to a critical system directory ('$restore_dest')${C_RESET}. This is highly unusual and could damage your system. Are you absolutely sure? (y/n): " confirm_dangerous_restore
-        if [[ "${confirm_dangerous_restore,,}" != "y" ]]; then
-            echo "Restore cancelled."
+    #--- Dangerous Restore Confirmation ---
+    local -a critical_dirs=("/" "/bin" "/boot" "/dev" "/etc" "/lib" "/lib64" "/proc" "/root" "/run" "/sbin" "/sys" "/usr" "/var/lib" "/var/log")
+    if [[ -n "${ADDITIONAL_CRITICAL_DIRS:-}" ]]; then
+        read -ra additional_dirs <<< "$ADDITIONAL_CRITICAL_DIRS"
+        critical_dirs+=("${additional_dirs[@]}")
+    fi
+    local is_critical=false
+    for dir in "${critical_dirs[@]}"; do
+        if [[ "$restore_dest" == "$dir" || "$restore_dest" == "$dir"/* ]]; then
+            is_critical=true
+            break
+        fi
+    done
+    if [[ "$is_critical" == "true" ]]; then
+        echo -e "\n${C_RED}${C_BOLD}WARNING: Restoring to critical system directory '$restore_dest'${C_RESET}"
+        echo -e "${C_RED}This could damage your system or make it unbootable!${C_RESET}"
+        local confirm
+        read -p "${C_YELLOW}Type 'DANGEROUS' to proceed or anything else to cancel: ${C_RESET}" confirm
+        if [[ "$confirm" != "DANGEROUS" ]]; then
+            echo -e "${C_GREEN}Restore cancelled for safety.${C_RESET}"
             return 0
         fi
+        log_message "WARNING: User confirmed dangerous restore to: $restore_dest"
     fi
     local include_paths=()
     read -p "Optional: Enter specific file(s) to restore, separated by spaces (leave blank for full restore): " -a include_paths

restic-backup.sh.sha256

@@ -1 +1 @@
-29187bd2e11bf39a3edb4012b618ff8d17e826023759ee15e49537663163093d  restic-backup.sh
+e60064159bf9de1519b150b2cc550aaea356e54cefbbb74f65f6110e9d06fb02  restic-backup.sh