How to allow user unmount in Nautilus?

I am using restic through the restic-automatic-backup-scheduler project. (It’s so much faster than deja-dup!)

I am now trying to create a script and .desktop file to allow non-technical users to mount and browse the backup. The automatic-backup project is based on running as root, so I’m using pkexec to prompt for password and do the mount under /media/$USER/restic/ (using --allow-other). A password for this makes sense anyway.

The mount then appears as a removable drive in Nautilus, but the unmount button does of curse not work.
I have tried a number of approaches to enable this:

  • Run the mount as $USER. Getting the right env vars, pwd etc., set from root’s files without compromising security is problematic.
  • Granting permissions / ownership to the mount point does not work as described in other contexts.
  • I believe setting the “user” option on the mount as reported by “mount” should do the trick, but I can not find a way to do that.

Does anyone here know a way to make this work?

OK, I have a solution that almost works using the first approach mentioned above.

#!/usr/bin/env bash
# run as root or with pkexec
source /etc/restic/default.env.sh
export RESTIC_PASSWORD=$(< /etc/restic/pw.txt)
unset RESTIC_PASSWORD_FILE   # this caused problem when sudo mount as user
env | egrep -i "restic|b2"   # view all relevant env vars
sudo -u myuser mkdir -p /media/myuser/restic
 # mount as user but with root's env.
sudo -u myuser -E restic mount /media/myuser/restic  
#...
rmdir /media/myuser/restic

The problem this runs into is this:
unable to open cache: mkdir /root/.cache: permission denied

I have not yet read up on what the restic cache is and does. I have allays interrupted the process before the mount finished here, so as not to mess up anything.

Any suggestions, or tips?

Overriding the cache location to somewhere “myuser” has read/write access would probably fix that error message:

https://restic.readthedocs.io/en/stable/manual_rest.html?#caching

Or you could use --no-cache, but I would expect a performance hit if doing so.

Thanks for the pointer.

Doing export RESTIC_CACHE_DIR=/home/myuser/.cache allowed the mount to proceed without errors, and the mount point is now owned by “myuser” as expected.
However I am still not able to unmount the drive from Nautilus! Its the same “Permission denied” as when mounted as root. There is nothing useful in the journal and increased verbosity does not reveal anything.

fusermount -u /media/myuser/restic as myuser on the other hand works just fine!

The mount line looks like this:
restic on /media/myuser/restic type fuse (ro,nosuid,nodev,relatime,user_id=1000,group_id=1000)
( 1000=myuser)

Now I’m really at loss. I have no idea what’s going on with Nautilus.

Update.
It seems this is a known bug

my understanding is that the user-facing issue is that Nautilus offers an ‘Eject’ button which is tied by some underlying library to ‘umount’ instead of ‘fusermount -u’, regardless of whether the filesystem is fuse or not.

According to this bug It should be OK from Ubuntu 20.04 LTS (I’m on 18.4)
I’m going to be setting up restic on 22.04 soon. Will report back how it goes.