Default backup user with group permissions can’t open source directory

Hi! First time setting up Duplicati here - on Ubuntu Server 20.04.4 LTS with Duplicati 2.0.7.1_beta_2023-05-25 installed via Docker (in CasaOS). I changed the process to run as the default backup user (PID=34) and verified both processes (Duplicati and mono) are owned by the backup user:

# ps aux | grep backup
backup   1303750  0.1  0.3 141456 32692 ?        Ssl  11:08   0:00 mono Duplicati.Server.exe --webservice-interface=any --server-datafolder=/config --webservice-allowed-hostnames=*
backup   1303779  0.7  1.2 1160752 119632 ?      Sl   11:08   0:03 /usr/bin/mono-sgen /app/duplicati/Duplicati.Server.exe --webservice-interface=any --server-datafolder=/config --webservice-allowed-hostnames=*

I double checked the backup user has permissions to access files of the ddb group:

root@presence:/userdata# groups backup
backup : backup ddb

but I can’t navigate into the emby4ddb directory:

The permissions for this directory on the command line confirm the ddb group has permissions to this directory:

# ls -altr | grep ddb
drwxrwx---  3 ddb  ddb      4096 Apr 20 22:24 emby4ddb

Bit puzzled why Duplicati can’t open the folder.

Anyone have suggestions how to troubleshoot this further?

Hi @udance4ever,

Welcome to the forums!

I admit I didn’t quite follow everything here. I am unfamiliar with CasaOS and am not sure how it relates to you saying you’re running Ubuntu Server.

When you say you changed the process to run as the “backup” user, what/where did you set that?

Are the outputs you included from the base OS or from within the Docker container?

I suspect, in the end, this is an issue of Docker permissions but that’s a guess. Hopefully with some more info, I can help more!

Regards,
L

Welcome to the forum @udance4ever

As mentioned, exact steps matter, but we don’t know them. Docker (which I don’t use) makes it worse.

Linux processes generally inherit supplementary groups from their parent, regardless of admin actions.

Only certain points, such as login, will set things up from scratch. Docker start may or may not do that.

Additional Groups

--group-add: Add additional groups to run as

By default, the docker container process runs with the supplementary groups looked up for the specified user. If one wants to add more to that list of groups, then one can use this flag

It sounds like changing supplementary groups on the host, then giving the user or added group should do.

User says how to pass the user to docker run, but if you’re using some GUI assist, I can’t help with that.

One way to troubleshoot is to trace supplementary groups. Does ps -p 1303750 -o supgrp show ddb?
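Added example, not part of the thread or of Duplicati or Docker: a small shell check that reads the `Groups:` line of `/proc/<pid>/status` and reports which expected numeric GIDs the running process does not actually hold. The function names, the sample status text and GID 1001 standing in for `ddb` are assumptions made for illustration.

```shell
#!/bin/sh
# Compare the supplementary groups a running process really holds with the
# GIDs it is expected to have. The kernel checks numeric GIDs, so the check
# uses GIDs rather than group names (names may not resolve in a container).

# Print the supplementary GIDs from a /proc/<pid>/status file, one per line.
status_gids() {
    awk '$1 == "Groups:" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Usage: missing_gids STATUS_FILE GID...
# Prints every expected GID the process lacks; returns 1 if any is missing.
missing_gids() {
    status_file=$1
    shift
    held=$(status_gids "$status_file")
    rc=0
    for gid in "$@"; do
        if ! printf '%s\n' "$held" | grep -qxF "$gid"; then
            echo "$gid"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a process running as uid/gid 34 that was started
# without the extra group, so only GID 34 appears on the Groups: line.
sample_status() {
    cat <<'EOF'
Name:   mono
Uid:    34 34 34 34
Gid:    34 34 34 34
Groups: 34
EOF
}

# With a PID argument, check a live process on the host, e.g.:
#   sh check_groups.sh 1303750 "$(getent group ddb | cut -d: -f3)"
if [ $# -ge 2 ]; then
    pid=$1
    shift
    if missing_gids "/proc/$pid/status" "$@" >/dev/null; then
        echo "process $pid holds all expected GIDs"
    else
        echo "process $pid is missing GID(s): $(missing_gids "/proc/$pid/status" "$@" | tr '\n' ' ')"
    fi
fi
```

A missing GID here while `groups backup` on the host lists the group means the process was started without that supplementary group, which is the case `--group-add` addresses.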