SourceForge has been redesigned. Learn more.

#20262 Project web content issue: amanda

Todd Kover

Our web hierarchy (/home/groups/a/am/amanda) seems to
have completely disappeared and we're not quite sure
happened to it.

We've restored what we can from our CVS repository
where much of it lives, but we weren't keeping an
offsite copy of the hierarchy so we can't regenerate a
lot of it.

Did something happen such that it would disappear? Is
there any way we can it back?

It disappeared on October 9.

It's a little embarassing to tell people that the
AMANDA project didn't do backups. :-)



  • Anonymous

    Anonymous - 2001-10-16
    • assigned_to: nobody --> moorman
    • milestone: 104417 --> Second Level Support
  • Jacob Moorman

    Jacob Moorman - 2001-10-19
    • summary: web hierarchy disappeared --> Project web content issue
    • priority: 5 --> 8
  • Jacob Moorman

    Jacob Moorman - 2001-10-22
    • summary: Project web content issue --> Project web content issue: amanda
  • Jacob Moorman

    Jacob Moorman - 2001-10-22

    Logged In: YES

    Resolution of this support request is currently pending;
    additional information will be posted to this support
    request in the next 24 hours. Thank you for your patience.

  • Jacob Moorman

    Jacob Moorman - 2001-10-23

    Logged In: YES


    It is the goal of to provide services to
    projects within the Open Source software development
    community. has a limited set of resources
    available with which to provide these services; with this in
    mind, we have taken steps we feel appropriate for handling
    this particular issue. Your comments are welcome, and may
    be submitted as a comment to this support request.


    As stated, the hosting environment used by
    is driven by a single user account. Some projects, to
    easily permit the web server to be able to write data to
    their group directory structure, have flagged files and/or
    directories as world writable (i.e. ANYONE can write to
    these files). Files and directories which are world
    writable are at a significant risk; ANY user may modify
    these files, ANY user may remove these files.

    Earlier this week, a user of project shell or project web
    services, either maliciously or accidentally, did just that
    -- modified the contents of all world writable files. Any
    issues your project has experienced are directly as result
    of these permissions choices; each project hosted on is responsible for its own content.


    A number of projects, including yours, did not understand
    the security implications of their actions. You should
    always maintain proper UNIX security precautions. World
    writable files are a bad idea. Your project should consider
    its options and move forward from this point.


    Content hosted on is the sole responsibility
    of the project hosting that content. has
    provided, through the site documentation
    collection, documentation covering our data backup and
    restoration policies, including procedures and
    recommendations for use by projects.
    This document is available at:

    It is the policy of that backups are
    performed on a regular basis. It is the policy of that restoration of data from these backups
    is done ONLY in the case of catastrophic hardware failure or
    in the context of disaster recovery (i.e. an earthquake, or
    similar). is making a one-time exception to
    this rule for your project and will provide you with a copy
    of your data from the backup immediately prior to this
    event. Please see the aforementioned documentation for
    further details. Please institute regular backups of your
    project data, per the instructions in that document.


    1. At your request, group ownership of files and directories
    may be changed to match the user of the project web server.
    This will still provide only a casual level of security
    above world writable files, HOWEVER, it will mean that
    damage to your project files could only be caused by another
    script running on the project web server (essentially
    eliminating the risk for accidental damage). To request
    group ownership change for files or directories, submit a
    support request detailing the UNIX name for your project and
    the exact paths whose group ownership you wish to be

    2. has published procedural information and
    recommendations for backups your project should perform.
    Please implement backup procedures accordingly.

    3. Consider storing your data in your project MySQL
    database; this will further protect it from accidental (and
    most malicious) damage.

    4. Some project-specific web applications clearly require a
    higher level of security than, a free
    service, is able to provide. If you determine your
    application to have such requirements, you should consider
    hosting that application using other facilities (such as
    those secure facilities which are commercially available).
    Your project web space should not be used
    for hosting mission-critical, security-critical


    As stated, we are treating this as a one-time exception to
    our backup policy. No further on-demand data restoration
    will occur from this point forward. It is your
    responsibility to implement proper backups for your project
    and to use those backups should you choose not to implement
    more strict security precautions for your data. A complete
    tarball of your project group directory structure has been
    placed at the top-level of your project group directory


    1. Your project data was damaged as result of UNIX
    file/directory permissions selected by your project.
    2. It is the policy of that we do not
    perform on-demand data restoration; we are making a ONE-TIME
    exception to these policies to ensure that this matter is
    handled in a timely and proper manner.
    3. Your project should implement the minimum data backup
    policies located at:
    4. Your project should consider implementing increased
    security for your application data.
    5. A tarball containing your group data (restored from
    backup) has been placed in your project's group directory on
    6. Questions, comments and concerns may be submitted to by adding a comment to this support request;
    alternately, please e-mail with
    subject 'Response to 2001-10 Data Restoration Event'.

    Thank you,

    Jacob Moorman
    Quality of Service Manager,

  • Jacob Moorman

    Jacob Moorman - 2001-10-23
    • priority: 8 --> 5
    • status: open --> closed
  • Todd Kover

    Todd Kover - 2001-10-28

    Logged In: YES

    The tarball disappeared before we were able to get it.

    Presumably, this is because our group directory is owned
    by nobody (something we can't change) and someone ran
    something that did removal inside the web server.

    Could we get the tarball put somewhere other people can't
    delete it, and get our web area chown'd such that nobody
    doesn't own it?


  • Todd Kover

    Todd Kover - 2001-10-28
    • status: closed --> open
  • Jacob Moorman

    Jacob Moorman - 2001-10-29
    • priority: 5 --> 8
  • Jacob Moorman

    Jacob Moorman - 2001-10-29

    Logged In: YES


    The ownership of the amanda project group directory has been
    created. The tarball containing restored data has been
    regenerated and has been placed within this directory.
    Should you have further questions or concerns regarding this
    matter, please re-open this support request and add a

    Thank you,

    Jacob Moorman
    Quality of Service Manager,

  • Jacob Moorman

    Jacob Moorman - 2001-10-29
    • priority: 8 --> 5
    • status: open --> closed