I am now trying to create a script and .desktop file to allow non-technical users to mount and browse the backup. The automatic-backup project is based on running as root, so I’m using pkexec to prompt for password and do the mount under /media/$USER/restic/ (using --allow-other). A password for this makes sense anyway.
The mount then appears as a removable drive in Nautilus, but the unmount button does of curse not work.
I have tried a number of approaches to enable this:
Run the mount as $USER. Getting the right env vars, pwd etc., set from root’s files without compromising security is problematic.
Granting permissions / ownership to the mount point does not work as described in other contexts.
I believe setting the “user” option on the mount as reported by “mount” should do the trick, but I can not find a way to do that.
OK, I have a solution that almost works using the first approach mentioned above.
# run as root or with pkexec
export RESTIC_PASSWORD=$(< /etc/restic/pw.txt)
unset RESTIC_PASSWORD_FILE # this caused problem when sudo mount as user
env | egrep -i "restic|b2" # view all relevant env vars
sudo -u myuser mkdir -p /media/myuser/restic
# mount as user but with root's env.
sudo -u myuser -E restic mount /media/myuser/restic
The problem this runs into is this: unable to open cache: mkdir /root/.cache: permission denied
I have not yet read up on what the restic cache is and does. I have allays interrupted the process before the mount finished here, so as not to mess up anything.
Doing export RESTIC_CACHE_DIR=/home/myuser/.cache allowed the mount to proceed without errors, and the mount point is now owned by “myuser” as expected.
However I am still not able to unmount the drive from Nautilus! Its the same “Permission denied” as when mounted as root. There is nothing useful in the journal and increased verbosity does not reveal anything.
fusermount -u /media/myuser/restic as myuser on the other hand works just fine!
The mount line looks like this: restic on /media/myuser/restic type fuse (ro,nosuid,nodev,relatime,user_id=1000,group_id=1000)
Now I’m really at loss. I have no idea what’s going on with Nautilus.
my understanding is that the user-facing issue is that Nautilus offers an ‘Eject’ button which is tied by some underlying library to ‘umount’ instead of ‘fusermount -u’, regardless of whether the filesystem is fuse or not.
According to this bug It should be OK from Ubuntu 20.04 LTS (I’m on 18.4)
I’m going to be setting up restic on 22.04 soon. Will report back how it goes.