duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Duplicity wiped out my server

From: address@hidden
Subject: Re: [Duplicity-talk] Duplicity wiped out my server
Date: Wed, 6 May 2015 15:04:30 +0200
OK, I've cooled down a bit and apologize for the really rough wording. I have spent the last 2 weeks migrating servers and web sites and was really, really sick of it on the whole, this was just the "icing on the cake".

I'm fully aware of the fact that this might not be a "bug" per se, however, I maintain that this is poor UX design (or, say, command-line design).

The command I tried to use was more or less like this:

duplicity --file-to-restore www/foobar.com/blah.html s3://amazon.com/foobar /

It then warned me that the destination exists (or something), and that it "won't overwrite" unless I specify --force.

Well, I DID specify --force and repeated, because for the life of me I didn't expect it to wipe out the destination path for restoring a single file (--file-to-restore).

I noticed what it was doing when it was far too late -- errors about /proc/ files and "permission denied".

I think I now understand WHY it did that, however, I still don't think it's right. duplicity works totally differently to any other tool I know (rsync, tar), while it serves a similar purpose. This is dangerous. I think anyone with experience with tar or rsync, reading the above command line, would think: "OK, it will restored the file www/foobar.com/blah.html, creating parent folders as necessary, and will do this relative to the path '/'". Again, ESPECIALLY because an option named "file-to-restore" is given, I guess nobody would expect it to delete ANYTHING. EVER.

So again, forgive me for my style, but I was really shocked. It's all good now BTW, I've had the server mounted with a rescue image, salvaged the important stuff which it didn't yet manage to delete ;-), restored the server from a snapshot and then copied the important stuff back.


On Wed, May 6, 2015 at 1:04 PM, Mikko Ohtamaa <address@hidden> wrote:


On 6 May 2015 at 12:11, address@hidden <address@hidden> wrote:
The command line is not "too complex for me". It is badly designed. I simply wanted to restore a single file to its original location. so I set / as the destination, gave the file-to-restore option, and had to use --force because, ehh, it told me so. You may be right about my manners, but this is still incredibly wrong. If I tell a tool explicitly to do action X "restore a file", why does it instead delete all files, pretty much the opposite of what I told it to do?

Yes, you will now say that "it works this way" and "read the manpage" etc. but no amount of discussion will change the fact that this tool is badly designed. It may have a great core engine, but the mere fact that this tool needs another "meta-tool" (duply) mounted on top as a clutch should tell the author that something's wrong with it.



This is not what it should do, by definition. I understand your pain and I am very glad you make other users aware of this instead of just skipping the incidence. In this point it's important to cover how this happened so it can be prevented in the future. Duplicity have many safety mechanism to make this kind of situations impossible. Do you have any more information or memory of the incidence

- What operating system and version you were running

- What user you where running (I assume the user was root - otherwise you cannot wipe disk very well in UNIX).

- Duplicity version or where did you install it and when

- When did you notice the disk was being wiped out

- Was there any output of the duplicity during restore operation - like it telling it's overwriting all paths

- Any special path configuration you had on your disk - symlinks which could lead back to root, etc.

Maybe it is something related to the paths and there can be a safety trigger to prevent this in the future.

I kindly ask all discussion participants to keep head cool. We all are professionals here and appreciate any input to discussion. So let's politely work together to see what we can learn of this.

Sorry for the incidence,
Mikko



--

_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk


reply via email to
[Prev in Thread] Current Thread [Next in Thread]