Ticket #355: Data Recovery & Password Reset for Ocusers 01 & 03 - SupaHotBall/OE2-Group-D GitHub Wiki

Task

📌 Implementation Tasks

  • Reset Passwords for ocuser01 and ocuser03 to the initial default password

  • Ensure users can log in and access their home directories post-reset.

  • Document password reset steps.

  • Recover Data for Affected Users

  • Retrieve and restore the lost files from the backup system.

  • Restore data to users' owncloud directories or /ocuser1_data and /ocuser3_data for validation.

  • Ensure permissions are preserved and data is intact.

📌 Validation Procedures

  • Verify Backup System

  • Confirm your backup system has been capturing user data as scheduled.

  • Identify backup location (e.g., /backup or offsite storage ).

  • List backup archives covering the period from 30 May to 3 July.

  • Test user logins after password reset

  • Validate Backup Automation

  • Demonstrate that backups were automatically generated (not manual).

  • Show that your automated backup and restore services or cron jobs are working as expected

  • Show relevant logs or crontab/systemd job responsible for backups.

  • Include time-stamped file listings or rsync logs as proof in your documentation.

📌 Acceptance Criteria

  • Passwords for ocuser01 and ocuser03 are successfully reset
  • Owncloud Users 01 and 03 data from 30 May – 3 July is fully recovered
  • Evidence shows backup automation was active during the loss period
  • All permissions and ownership of recovered files are preserved
  • Restoration steps are clearly documented for reproducibility

Steps Taken

Step 1: Reset Passwords for ocuser01 and ocuser03

App-d Server

  1. Reset OwnCloud user passwords:
sudo -u www-data php /var/www/owncloud/occ user:resetpassword ocuser01
sudo -u www-data php /var/www/owncloud/occ user:resetpassword ocuser03

And Enter the new password "Rushhour"

Explanation:

  • Reset passwords for both users to a default (e.g. Rushohur) to ensure they can log in.

image

  1. Confirm login works:
  • Open browser -> https://group-d.op-bit.nz/index.php/login
  • Log in with:
    • Username: ocuser01 / ocuser03
    • Password: Rushhour

Expected Result:

  • Both users can access OwnCloud again using their new password.

image image

Step 2: Verify Backup Exists

db-d Server

ls -lh /var/backups/mysql/daily

Explanation:

  • Check that backups were created automatically during the target window (30 May – 3 July).

Expected Result:

  • Files like db-d_mysqldump_2025-05-30_02-10.sql.gpg exist and are dated correctly.

image

Step 3: Copy Backup from Offsite to DB Server

offsite sever

scp [email protected]:/home/group-d/db/db-d_mysqldump_2025-05-30_02-10.sql.gpg ~/

Explanation:

  • Transfer the required encrypted backup file from the offsite backup server.

Expected Result:

  • File appears in ~/ on db-d.

image

Step 4: Decrypt the Backup

db-d server

gpg --output db-restore.sql --decrypt db-d_mysqldump_2025-05-30_02-10.sql.gpg

Explanation:

  • Decrypt the .gpg file to produce a usable .sql dump.

Expected Result:

  • You get a file named db-restore.sql.

image

Step 5: Restore the SQL Backup

db-d server

sudo mysql -u root < db-restore.sql

Explanation:

  • Restore the database using the .sql dump.

Expected Result:

  • OwnCloud database and tables restored successfully. SHOW DATABASES; shows owncloud.

image

Step 6: Verify Backup Automation

sudo crontab -l

Explanation:

  • Validate that backups were automated using a daily cron job controlled by Puppet.

Expected Result:

image

Cron job was created and is running daily.

Step 7: Verify GPG Key

gpg --list-keys

Explanation:

  • Ensure the correct GPG key is still on the system for decryption.

Expected Result:

  • backup@group-d key appears and is valid.

image

Step 8:Fix Permissions

apps-d server

sudo chown -R www-data:www-data /var/www/owncloud/data/ocuser01
sudo chown -R www-data:www-data /var/www/owncloud/data/ocuser03

Explanation:

  • Ensure OwnCloud has permission to read restored files.

Expected Result:

  • ls -l shows www-data:www-data ownership on all files.

Step 9: Confirm Recovery

ls -l /var/www/owncloud/data/ocuser01/files
ls -l /var/www/owncloud/data/ocuser03/files

Explanation:

  • Manually inspect recovered folders to validate data presence and timestamps.

Expected Result:

  • May 30 files such as Documents and Learn more about ownCloud are listed.

image

Challenges

External Resources

Ticket Reference

https://rt.dataraster.com/Ticket/Display.html?id=355