Job Errors on 2nd Run

Deployed Duplicate on an Unraid server.

Created first backup job and re-ran until it completed successfully, uploading to a S3-compatible cloud storage provider. The job backs up my own data stored on this server, as well as the containers I have running on this Unraid server too, i.e. their configs and other.

The job is configured to run weekly, but this fails.

If I try to manually run it, it also errors.

I am mostly confused because it has run successfully the first time. So I am not sure why it is now erroring.

These are the entries from the log file, under the “Warnings” section (note, not the “Error” section):

“Warnings”: [
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/archive/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/archive/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/keys/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/keys/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/accounts/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/accounts/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/docker_config/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/docker_config/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/bin/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/bin/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/compose/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/compose/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/tls/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/tls/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/certs/”,
“2023-02-14 20:35:12 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/portainer-ce/certs/”,
“2023-02-14 20:35:38 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileBlockProcessor.FileEntry-PathProcessingFailed]: Failed to process path: /source/appdata/rclone/rclone.conf”,
“2023-02-14 20:36:26 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/appdata/Nginx-Proxy-Manager-Official/letsencrypt/live/”

However, I do not want to go in a disrupt a container’s filesystem permissions. Particularly the containers in question, it is their SSL cert keys which typically have owner-only RW permissions only.

Welcome to the forum @acidtranslate !

Have you tried looking at those paths (/source/appdata/…) from within the Duplicati container? (“ls -l”) That will at least tell you what Duplicati is seeing and give some clue to what’s going on and why Duplicati can’t access those things. From there, hopefully, we can come up with a solution.

Thanks @Lerrissirrel - and I should have thought of that myself…

root@06eaf3e440c7:/# ls -l /
total 96
drwxr-xr-x   1 abc  users   18 Feb 11 10:19 app
drwxrwxrwx   1 1001 users   65 Feb 15 12:26 backups
drwxrwxrwx   1 abc  users   99 Feb  5 20:30 source

There are more directories from the container. These are the volumes that are the source of the Duplicati backup job.

Otherwise, this is the standard Unraid config for this container image.

Hello

a quick remark: let’s encrypt files are root-only on a normal computer. I don’t know about the other files, but maybe it’s related also to your backup running on a normal user account ? I don’t know Docker so feel free to dismiss my advice as irrelevant.

Yes - this was my understanding too. These permissions are by design.

But how do you back this up? Or is it not necessary to, and upon redeploying this container, new certs would be generated?

Docker has its history with running as root, but is mostly running in user space these days. However, I am brand new to Unraid, and it’s own internal config of Docker… Some of these permissions look odd, but as you say, it is sometimes dictated / recommended.

If the Docker container is running as an ordinary user, I don’t see how it will be able to backup root files directly. That’s a general problem for any backup software. On a more standard computer, you need to run Duplicati as a systemd service (as root) or a Windows service to backup files belonging to another user(s).

IIRC there are mentions of bind mount in posts concerning Docker, so maybe a work around can be found.

Actually I was thinking of the specific files you were having trouble backing up vs the /source directory itself. But as you and @gpatel-fr are already discussing, it’s almost certainly a root ownership related problem. With luck you’ll be able to find lots of discussions on the web about allowing Docket containers’ OS to access root owned files from outside the container.

I don’t use Docker either, but generic way to see more about the specific complaint is to use logging.
About → Show log → Live → Warning and click on them, or use Advanced options to have a log file.

Job log summary due to exception should also include exception summary #4843
is my pitch to make the default logs more informative. Second line often contains the “why” of errors.

I suppose you could also look at About → System info and see what UserName line says Duplicati is.
I don’t know if the launch method on 2nd run might have been different, resulting in low permissions.

These log entries appear under “Warning” not “Error”.

I have seen some people changing the PUID and GUID values, but also that LinuxServer.io specifically state not to do so.

This would seem a standard requirement for this SPECIFIC container, given its function…

I suppose you could look for a place to ask, but this person didn’t get very far…

Duplicati cannot access some files

Duplicati’s container runs as root, which is cruder (and more dangerous) but gets files better.

Runtime privilege and Linux capabilities is possibly a finer-grained way to get what’s needed.

Linux kernel capabilities explains the idea behind this, and links to a man page with specifics:

capabilities(7) — Linux manual page

Maybe this can do the job?

   CAP_DAC_OVERRIDE
          Bypass file read, write, and execute permission checks.
          (DAC is an abbreviation of "discretionary access
          control".)

EDIT:

but I’m not sure what user files would restore as by default. Inside-outside mapping is complex.
Just to do backup, you might need less, e.g.

   CAP_DAC_READ_SEARCH
          * Bypass file read permission checks and directory read
            and execute permission checks;

How can I ensure my backup user has access to all files created by arbitrary processes with arbitrary UMASK, users, groups, and permissions?
gets into this and more, without a clear answer. If you like, continue web searches for solutions,
or if you can find the right place, ask the LinuxServer folks how they think you should be usng it.