Permissions for restic commands - user that cannot forget/purge


I was thinking… if I have the “env”/credentials file on the server, anyone hacking my server could find that file and then run purge/forget commands with restic, and therefore clear all the backups I have from that server.

Even if I don’t have the file always living on the server, and only when the backup runs, there’s still a risk that the hacker could find it while the backup runs.

Is there a way we could have a separate credential/user that only has permission to create a snapshot, but no permissions to forget/purge or do anything else to existing snapshots?

Happy to know your opinion on what best practices are usually followed to prevent disasters of backups being compromised together with the server being hacked.

(I use restic with AWS S3)

Thank you!

Hi :wave:

Yes you can! Since you’re using AWS, here is my answer to a similar question.

There is a small catch: one can still replace files with empty files and create a lot of snapshots. That’s only a problem if you’re doing forget/prune automatically though.


Thank you very much! Perfect.

Sure - I should have thought about simply having 2 users in AWS S3 for this :slight_smile: - one with restricted permissions and another one with full permissions.

Yeah - makes sense, and very good point (about the empty files) to think about when I implement this.

Have a great day

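A sketch of an IAM policy for the restricted user discussed in this thread, added here as an example and not taken from the linked answer or from any post above. It assumes the restic repository sits at the root of a bucket named `EXAMPLE-BACKUP-BUCKET` (a placeholder), and it allows deletes only under `locks/` so that restic can remove its own lock file after a backup.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListRepository",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET"
    },
    {
      "Sid": "ReadAndAddObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/*"
    },
    {
      "Sid": "DeleteOwnLockFilesOnly",
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/locks/*"
    }
  ]
}
```

Because `s3:PutObject` can still overwrite an existing key, this policy limits deletion rather than making the repository immutable; enabling bucket versioning keeps the earlier object versions recoverable. The second user with full permissions, kept off the backed-up server, is the one that runs forget and prune.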