Permissions, owners, groups, oh my!

Duplicati looked perfect! I spent all day organizing my backups and now that I’ve run a test… I hit a WTF moment.

Upon recovery, ownership of files is obliterated. That’s not good. rdiff-backup retains ownership as does rsync, so it certainly should be possible.

And permissions, WOW… I clicked the option to preserve permissions and instead it completely messes with them! 775 suddenly becomes 555. All write access is removed, even for the file owner (which isn’t the correct owner anyway!). If I DON’T check that option, then it seems to work for permissions (at first blush anyway, I haven’t run more tests) but still kills the owners.

As the system admin, I should be able to backup users’ files and have them expect them to be still theirs when it comes back! Please tell me there’s a fix for this.

Ps. I’m backing up to a remove server. Both are Ubuntu 20.04.

Welcome to the forum!

Is Duplicati running as root? I run Duplicati on a couple Linux machines but haven’t experimented much with the permission preservation.

If you are willing, please open an issue on the Github project site with steps to reproduce.

Thank you

Thanks for the reply.

No, Duplicati is running as duplicati. I generally run each application as their own user. The duplicati user, however, belongs to groups that provide it read and write access to each of the folders/files in question.

I’ll do some more tests so I can communicate the issue more clearly and I’ll open an issue.

Then again… it appears to work when run as root. It shouldn’t be necessary, at least when run from docker, since CHOWN rights can be granted to the container. Its also going to throw people for a loop constantly (who have a multi-user environment) because the image maintainer (for example, linuxserver) shows PUID/PGID as 1000 in their example. Most people are going to think (rather correctly) that running as root is dangerous.

Anyway, its BETA so what can I expect, right? And there are a lot of open issues so I’m not going to add to the pile. I’ve found a suitable workaround. Eventually though, you’re going to want to consider permission and ownership issues a little more carefully.

1 Like

The official duplicati docker image runs as duplicati as root by default. I agree that in general it’s best practice to run software with the principle of least privilege, but in the case of backup software it often needs access to all files on the system.

The linuxserver docker image maintainers have chosen to implement different defaults, probably from a heightened security posture.

I have quite a bit of experience with Linux and am pretty good with docker, but I admit I’m not familiar with the limitations of using chown as a non-root user especially in the context of container folder mappings to the host.

Glad you were able to find a workaround, nonetheless. This thread may be helpful to others in the future.