How do you configure pull-style backups for Synology NAS?

Hey there,
I do manual off-site backups to an external USB drive in addition to regular automatic backups.

The restic repository resides on this USB drive and I would like to plug it into my desktop PC and remotely pull data from the Synology NAS for convenience (due to its location). So the desktop PC needs to mount all Synology NAS shares to be backed up - optimally via SSHFS I guess, SMB/CIFS is not recommended by the docs.

Data belongs to all sorts of users, also system backups with root owner, hence I need the backup user to have root permissions as well.

Now here comes the problem:

I haven’t found any way to sshfs to my NAS as root user. A regular user in the Synology administrators group is not sufficient, as I would need to manually sudo, which does not work with SSHFS.

How do other people using Synology NAS + restic manage this?
Do you have any other ideas how to circumvent this issue?

Thanks in advance,
emie

I’m not a Synology expert but since there haven’t been any answers, here’s a thought:

It seems like restic can run directly on the Synology. Why not run it there and backup to a USB harddrive connected to the NAS? That’d be way faster and doesn’t have the pull-problem you mentioned.

1 Like

@nicnab yeah, that’s what I am currently doing. Though the pull-style backup would be my favorite due to practicability.

I guess what annoys me is that Synology imposes self-made restrictions for power users by castrating common functionality and even modifying open source code like the one for SSH server as closed source, hardcoding permissions concerning root (as far as I have read).

If someone knows how to sshfs/sftp with root or other workarounds to mount a remote NAS folder directly as root to start a restic backup, I would still be happy to know it.

Yes that I don’t like either. As a matter of fact that is why I don’t use NAS devices like those. Have you considered buying an “open device” (=PC) using an open NAS distribution like FreeNAS or OpenMediaVault? Here’s a bunch of suggestions.

Personally, I have a bunch of cheap Raspberry Pis with USB harddisks (booh, I know) and Linux on them. Works for two or three users and using cheap hardware at least makes you really see to it that your backups work :o)

@nicnab exactly my thoughts! :)

I am going to try out Raspberry Pi 4 + OpenMediaVault - wanted a RB anyway for other things like a Pi-Hole.

USB 3.0 is imo not too bad. An alternative could be a cheap Intel NUC (amazon lists some models starting with 200 bucks) + M.2 SATA SSD drive. That also would get you an x86 architecture PC. RAID 1 probably shouldn’t be needed for home usage as well, I personally would consider regular backups to be more important.

1 Like

You could do it the other way around by exposing the USB drive via SFTP or rest-server. Then SSH into your NAS and point restic to the USB drive.

2 Likes

@764287 haven’t thought about this, clever idea - thanks!

Today I had a second look at the restic backup - unfortunately there is again some other oddity with Synology ACL. An example - permissions on NAS with regular user:

user@nas:/$ ls -al /volume1/photo
drwxrwxrwx+  2 user users    4096 Jul 31  2020 .
-rwxrwxrwx+  1 user users 1608321 Feb 27  2018 20180227_092116.jpg
-rwxrwxrwx+  1 user users 1622707 Mar 13  2018 20180313_155924.jpg

Changing to root via sudo -i:

root@nas:/# ls -al /volume1/photo
d---------+  2 user users    4096 Jul 31  2020 .
----------+  1 user users 1608321 Feb 27  2018 20180227_092116.jpg
----------+  1 user users 1622707 Mar 13  2018 20180313_155924.jpg

1.) Why do ACL permissions change, when I switch to root? This isn’t usual ACL behavior, correct?

restic snapshot on Desktop PC (uid 1026 = user) - old permissions not present:

root@desktop:/# ls -al /tmp/mnt/snapshots/latest/photo
d--------- 2 1026 users       0 Jul 31  2020 ./
---------- 1 1026 users 1608321 Feb 27  2018 20180227_092116.jpg
---------- 1 1026 users 1622707 Mär 13  2018 20180313_155924.jpg

To restore photo folder, I then need to chmod and chown:

root@desktop:/# cp -r /tmp/mnt/snapshots/latest/photo /home/user/photo
root@desktop:/# ls -al /home/user/photo
d---------   2 root  root     4096 Mär 19 18:16 ./
----------   1 root  root  1608321 Mär 19 18:16 20180227_092116.jpg
----------   1 root  root  1622707 Mär 19 18:16 20180313_155924.jpg

chown -R user:user /home/user/photo
chmod -R 0700 /home/user/photo

2.) Apart from Synology oddities in 1.:
Do I use restic in the correct way, manually changing permissions with chown and chmod? Or does restic have a way to automatically “normalize” permissions - for example map user with id 1026 on NAS to user with id 1000 on Desktop PC?

Thanks!

I’ve been fighting with user/group management in recent versions of DSM myself. Especially as /etc/passwd and /etc/group are created from a database and can be overwritten anytime.

I don’t have access to a Synology NAS at the moment, hence I can’t confirm, but this doesn’t look like normal behaviour.

AFAIK, there is no built-in tool to do that. You need to manually change permission and ownership when restoring to a system with different uid/gid.

1 Like

this doesn’t look like normal behaviour.

OK, good to know. This doesn’t make sense to me and is contrary to the behavior I tested with a usual Linux OS. Here the mapped Unix/ACL permissions also didn’t “change” with root switch (why shouldn’t they).

If I remember, Synology has implemented a “custom” closed source ACL system. For example you cannot use getfacl, but need to rely on synoacltool. Also a custom ls implementation is provided with an -e option: -e with -l, show syno-acl permission details.

There doesn’t seem to be much info concerning this proprietary implementation on the web either.

You need to manually change permission and ownership when restoring to a system with different uid/gid.

Thanks again for confirmation.

Something that just came to mind: As you are not using restic restore but copying from restic mount you could use rsync with --usermap and --groupmap flags which might be better if you have more than 1 owner.

1 Like
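
The rsync suggestion above, written out as an added example that is not part of the original posts: it copies a folder out of the restic mount, remaps owner and group, and resets the 000 modes in one pass. The uid 1026 and group "users" come from the listings in the thread; the target account "user", the 700/600 modes and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: copy a folder out of a restic FUSE mount
# and remap owners in the same pass, instead of cp -r + chown -R + chmod -R.
# uid 1026 and group "users" are taken from the listings above; the target
# account "user" and both paths are assumptions.

# Print the rsync command for a mapped restore, one argument per line.
# Maps use rsync's FROM:TO[,FROM:TO...] syntax (needs rsync 3.1.0 or later).
mapped_restore_cmd() {
    src=$1 dst=$2 usermap=$3 groupmap=$4
    # Reject empty maps and entries that are not a FROM:TO pair.
    for map in "$usermap" "$groupmap"; do
        [ -n "$map" ] || { echo "empty map" >&2; return 2; }
        old_ifs=$IFS; IFS=,; set -f
        for pair in $map; do
            case $pair in
                ?*:?*) ;;
                *) IFS=$old_ifs; set +f; echo "bad map entry: $pair" >&2; return 2 ;;
            esac
        done
        IFS=$old_ifs; set +f
    done
    # -rlpt: recurse, keep symlinks, perms and mtimes; -o/-g enable the maps.
    # --chmod replaces the 000 modes seen in the snapshot (dirs 700, files 600).
    printf '%s\n' rsync -rlpt -o -g \
        "--usermap=$usermap" "--groupmap=$groupmap" \
        --chmod=D700,F600 "${src%/}/" "${dst%/}/"
}

# Run the restore. DRY_RUN=1 only prints the command.
mapped_restore() {
    cmd=$(mapped_restore_cmd "$@") || return
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$cmd"; return 0; fi
    # rsync only changes ownership when the receiving side runs as root.
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    # Split on newlines only, so a path containing spaces stays one argument.
    old_ifs=$IFS; IFS='
'
    set -f; set -- $cmd; set +f; IFS=$old_ifs
    "$@"
}

# Example call (commented out so sourcing this file changes nothing):
# mapped_restore /tmp/mnt/snapshots/latest/photo /home/user/photo 1026:user users:user
```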