From 121c24216889febcffad71c0fff0814efb0793c4 Mon Sep 17 00:00:00 2001
From: syntaxbullet <syntaxbullet@protonmail.com>
Date: Fri, 13 Feb 2026 14:48:06 +0100
Subject: [PATCH] fix: handle permission denied on backup directory

The backups directory may have been created by Docker/root, making it
unwritable by the deploy user. The script now detects this and attempts
to fix permissions automatically (chmod, then sudo chown as fallback).

Also added shared/db/backups to .gitignore.
---
 .gitignore                  |  1 +
 shared/scripts/db-backup.sh | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/.gitignore b/.gitignore
index 27db87f..366775b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ node_modules
 docker-compose.override.yml
 shared/db-logs
 shared/db/data
+shared/db/backups
 shared/db/loga
 .cursor
 # dependencies (bun install)
diff --git a/shared/scripts/db-backup.sh b/shared/scripts/db-backup.sh
index d207fd0..779a066 100755
--- a/shared/scripts/db-backup.sh
+++ b/shared/scripts/db-backup.sh
@@ -29,6 +29,16 @@ echo -e "${YELLOW}💾 Starting database backup...${NC}"
 
 mkdir -p "$BACKUP_DIR"
 
+# Ensure the backup directory is writable (may have been created by Docker/root)
+if [ ! -w "$BACKUP_DIR" ]; then
+  echo -e "  ${YELLOW}⚠️  Fixing backup directory permissions...${NC}"
+  chmod u+w "$BACKUP_DIR" 2>/dev/null || sudo chown "$(whoami)" "$BACKUP_DIR" 2>/dev/null || {
+    echo -e "  ${RED}✗${NC} Cannot write to $BACKUP_DIR"
+    echo "  Run: sudo chown $(whoami) $BACKUP_DIR"
+    exit 1
+  }
+fi
+
 if docker ps | grep -q aurora_db; then
   # Try to dump the database
   if docker exec aurora_db pg_dump -U "${DB_USER:-auroradev}" "${DB_NAME:-auroradev}" > "$BACKUP_FILE"; then