I don’t know if this is a dumb question maybe because I don’t have enough knowledge about this subject, but this is my scenario: I have three machines and a home server in my local network. The three machines sends daily backups to their own repository (just their /home
directory. All repositories are located in an HDD attached to my home server and the transfer is done via sftp
. The server is also backing up to the HDD to its own repository.
What I want to do:
I want a single repository for all machines including the server but the server itself seems to be the problem.
What I did:
I created a new repository with a regular user (non-root user). Once I created the repository I did a test backup of all machines and it went fine but as soon as I did a backup for the server (using the root account) the repository became inaccessible for all the other users. This was using just one key.
The second time I created a repository and created two keys just to test if that was the problem. I created a key for the admin
user and another one for the root
user. Once the keys were created I did a test backup for the admin
user and it gave me errors. In fact, every command I tried (backup
, snapshots
, etc.) sends me the same error. I did a backup for the root
user and it went okay. Everything doing by the root
user is okay.
What about the output?
# create keys with regular user
[admin]:/mnt/ExternalDrive $ restic -r ./repo key list
enter password for repository:
repository bd12621d opened successfully, password is correct
ID User Host Created
----------------------------------------------------------------------
6c65a34c admin server 2018-09-09 14:34:33
*e46409ff admin server 2018-09-09 14:33:25
----------------------------------------------------------------------
# changing key for root
[root]:/mnt/ExternalDrive # restic -r ./repo key passwd
enter password for repository:
repository bd12621d opened successfully, password is correct
enter password for new key:
enter password again:
saved new key as <Key of root@server, created on 2018-09-09 14:35:31.972671828 -0400 EDT m=+10.564116728>
# list keys
[root]:/mnt/ExternalDrive # restic -r ./repo key list
enter password for repository:
repository bd12621d opened successfully, password is correct
ID User Host Created
----------------------------------------------------------------------
*5d4aa11b root server 2018-09-09 14:35:31
e46409ff admin server 2018-09-09 14:33:25
----------------------------------------------------------------------
# listing keys with the regular user
[admin]:/mnt/ExternalDrive $ restic -r ./repo key list
enter password for repository:
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 658.623438ms: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 1.104471145s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 1.140137723s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 2.251098731s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 2.718723783s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 3.026445999s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 5.048927499s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 9.182446691s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
signal interrupt received, cleaning up
# trying to backup as regular user
[admin]:/mnt/ExternalDrive $ restic -r ./repo backup /home/admin
enter password for repository:
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 430.682604ms: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 844.318289ms: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 1.374246337s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 1.305006662s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
Load(<key/5d4aa11bf4>, 0, 0) returned error, retrying after 3.776074804s: open repo/keys/5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5: permission denied
signal interrupt received, cleaning up
# ownership on repo
[root]:/mnt/ExternalDrive # ls -la ./repo
total 32
drwx------ 7 admin admin 4096 Sep 9 14:33 .
drwx------ 7 admin admin 4096 Sep 9 14:33 ..
-rw------- 1 admin admin 155 Sep 9 14:33 config
drwx------ 258 admin admin 4096 Sep 9 14:33 data
drwx------ 2 admin admin 4096 Sep 9 14:33 index
drwx------ 2 admin admin 4096 Sep 9 14:35 keys
drwx------ 2 admin admin 4096 Sep 9 14:37 locks
drwx------ 2 admin admin 4096 Sep 9 14:33 snapshots
# keys/ ownership
[root]:/mnt/ExternalDrive # ls -la ./repo/keys
total 16
drwx------ 2 admin admin 4096 Sep 9 14:35 .
drwx------ 7 admin admin 4096 Sep 9 14:33 ..
-rw------- 1 root root 452 Sep 9 14:35 5d4aa11bf4d8cc571a16ae84cac89c4e40a5491e6a4ea89e6d34a781e962b9b5
-rw------- 1 admin admin 450 Sep 9 14:33 e46409ff1df1cd3e514a39cbc57f6419f5b6efc17a2c65b7c82cc197113b126b
Others:
- Another thing that I noticed was that when I did the first test using the same key for all hosts, after the error, I deleted the snapshot of the
root
user and everything went back to normal. I could use the “normal users” again in the same repo. - In the second test I had to remove the
root
key to go back to normal. - During this tests I noticed that when you mount a repository with one user key you can still see the other hosts snapshots and the data. Can this be restricted to only see the snapshots for their own key?
What I’m assuming is that the root
account is taking ownership and that is why it doesn’t allows me to do anything with another user.
I don’t know if what I’m trying to do make sense or not. For now I’ll keep the server repository. Thanks in advance for your help.
PS.: I’m using restic 0.9.2
on all hosts and the server; all machines are GNU/Linux.