I do manual off-site backups to an external USB drive in addition to regular automatic backups.
The restic repository resides on this USB drive and I would like to plug it to my desktop PC and remotely pull data from the Synology NAS for convenience (due to its location). So the desktop PC needs to mount all Synology NAS shares to be backed up - optimally via SSHFS I guess, SMB/CIFS is not recommended by the docs.
Data belongs to all sorts of users, also system backups with root owner, hence I need the backup user to have root permissions as well.
Now here comes the problem:
I haven’t found any way to sshfs to my NAS as root user. A regular user in the Synology administrators group is not sufficient, as I would need to manually sudo, which does not work with SSHFS.
How do other people using Synology NAS + restic manage this?
Do you have any other ideas how to circumvent this issue?
Thanks in advance,
I’m not a Synology expert but since there haven’t been any answers, here’s a thought:
It seems like restic can run directly on the Synology. Why not run it there and backup to a USB harddrive connected to the NAS? That’d be way faster and doesn’t have the pull-problem you mentioned.
@nicnab yeah, that’s what I am currently doing. Though the pull-style backup would be my favorite due to practicability.
I guess what annoys me is that Synology imposes self-made restrictions for power users by castrating common functionality and even modifying open source code like the one for SSH server as closed source, hardcoding permissions concerning root (as far as I have read).
If someone knows how to sshfs/sftp with root or other workarounds to mount a remote NAS folder directly as root to start a restic backup, I would still be happy to know it.
Yes that I don’t like either. As a matter of fact that is why I don’t use NAS devices like those. Have you considered buying an “open device” (=PC) using an open NAS distribution like FreeNAS or OpenMediaVault? Here’s a bunch of suggestions.
Personally, I have a bunch of cheap Raspberry Pis with USB harddisks (booh, I know) and Linux on them. Works for two or three users and using cheap hardware at least makes you really see to it that your backups work :o)
@nicnab exactly my thoughts!
I am going to try out Raspberry Pi 4 + OpenMediaVault - wanted a RB anyway for other things like a Pi-Hole.
USB 3.0 is imo not too bad. An alternative could be a cheap Intel NUC (amazon lists some models starting with 200 bucks) + M.2 SATA SSD drive. That also would get you an x86 architecture PC. RAID 1 probably shouldn’t be needed for home usage as well, I personally would consider regular backups to be more important.
You could do it the other way around by exposing the USB drive via SFTP or rest-server. Then SSH into your NAS and point restic to the USB drive.
@764287 haven’t thought about this, clever idea - thanks!
Today I had a second look at the restic backup - unfortunately there is again some other oddity with Synology ACL. An example - permissions on NAS with regular
user@nas:/$ ls -al /volume1/photo
drwxrwxrwx+ 2 user users 4096 Jul 31 2020 .
-rwxrwxrwx+ 1 user users 1608321 Feb 27 2018 20180227_092116.jpg
-rwxrwxrwx+ 1 user users 1622707 Mar 13 2018 20180313_155924.jpg
root@nas:/# ls -al /volume1/photo
d---------+ 2 user users 4096 Jul 31 2020 .
----------+ 1 user users 1608321 Feb 27 2018 20180227_092116.jpg
----------+ 1 user users 1622707 Mar 13 2018 20180313_155924.jpg
1.) Why do ACL permissions change, when I switch to root? This isn’t usual ACL behavior, correct?
restic snapshot on Desktop PC (uid user) - old permissions not present:
root@desktop:/# ls -al /tmp/mnt/snapshots/latest/photo
d--------- 2 1026 users 0 Jul 31 2020 ./
---------- 1 1026 users 1608321 Feb 27 2018 20180227_092116.jpg
---------- 1 1026 users 1622707 Mär 13 2018 20180313_155924.jpg
photo folder, I then need to
root@desktop:/# cp -r /tmp/mnt/snapshots/latest/photo /home/user/photo
root@desktop:/# ls -al /home/user/photo
d--------- 2 root root 4096 Mär 19 18:16 ./
---------- 1 root root 1608321 Mär 19 18:16 20180227_092116.jpg
---------- 1 root root 1622707 Mär 19 18:16 20180313_155924.jpg
chown -R user:user /home/user/photo
chmod -R 0700 /home/user/photo
2.) Apart from Synology oddities in 1.:
Do I use restic in the correct way, manually changing permissions with chmod? Or does restic have a way to automatically “normalize” permissions - for example map user with id 1026 on NAS to user with id 1000 to Desktop PC?
I’ve been fighting with user/group management in recent versions of DSM myself. Especially as /etc/group are created from a database and can be overwritten anytime.
I don’t have access to a Synology NAS at the moment, hence I can’t confirm, but this doesn’t look like normal behaviour.
AFAIK, there is no built-in tool to do that. You need to manually change permission and ownership when restoring to a system with different uid/gid.
this doesn’t look like normal behaviour.
OK, good to know. This doesn’t make sense to me and is contrary to the behavior I tested with a usual Linux OS. Here the mapped Unix/ACL permissions also didn’t “change” with root switch (why shouldn’t they).
If I remember, Synology has implemented a “custom” closed source ACL system. For example you cannot use getfacl, but need to rely on synoacltool. Also a custom ls implementation is provided with an -e with -l, show syno-acl permission details.
There doesn’t seem to be much info concerning this proprietary implementation on the web either.
You need to manually change permission and ownership when restoring to a system with different uid/gid.
Thanks again for confirmation.
Something that just came to mind: As you are not using restic restore but copying from restic mount you could use rsync with --groupmap flags which might be better if you have more than 1 owner.
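
An added example, not written by any poster in this thread and not part of restic: a small Python helper that remaps owners and resets the zeroed mode bits on a tree already copied out of a snapshot, covering the case of more than one owner. The function names, the 0700/0600 default modes and the sample tree are assumptions made for illustration; the 1026 to 1000 mapping is the one from the question.

```python
import os
import stat
import tempfile


def iter_tree(root):
    """Yield root and everything below it; symlinked directories are not followed."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)


def plan_remap(root, uid_map, gid_map, dir_mode=0o700, file_mode=0o600):
    """Return [(path, new_uid, new_gid, new_mode)]; IDs absent from a map are kept."""
    plan = []
    for path in iter_tree(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            mode = None  # leave symlinks alone: chmod would follow the link
        elif stat.S_ISDIR(st.st_mode):
            mode = dir_mode
        else:
            mode = file_mode
        plan.append((path, uid_map.get(st.st_uid, st.st_uid),
                     gid_map.get(st.st_gid, st.st_gid), mode))
    return plan


def apply_plan(plan):
    """Apply a plan; changing the owner to another user requires root."""
    for path, uid, gid, mode in plan:
        os.lchown(path, uid, gid)  # chown first, it can clear setuid/setgid bits
        if mode is not None:
            os.chmod(path, mode)


def make_sample_tree():
    """Constructed sample: two files with all mode bits cleared, as in the listing."""
    root = tempfile.mkdtemp(prefix="photo-")
    for name in ("20180227_092116.jpg", "20180313_155924.jpg"):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.chmod(path, 0)
    return root


if __name__ == "__main__":
    # Dry run with the IDs from the thread: NAS uid 1026 -> desktop uid 1000.
    for entry in plan_remap(make_sample_tree(), {1026: 1000}, {}):
        print(entry)
```

Reviewing the output of `plan_remap` before calling `apply_plan` as root keeps the ownership change auditable; IDs that are not in the maps are left as they are.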