This seems to be an old topic, but I seem to be getting conflicting info…
Trying to use restic rest-server for back end, but then access the restic files locally
Restic files are created with 0600 permissions so not accessible to anyone but owner
I tried the --group-accessible-repos option on rest-server command but I get “unknown flag” error. I am using latest rest-server version (0.13)
Also, what is the proper UMask to use for systemd for rest-server? I have seen examples of 027, 077, 007…or is it not even necessary if you use --group-accessible-repos ?
Yes that option isn’t yet contained in a released version. Although 0.14.0 should arrive soon.
The answer will be here rest-server/examples/systemd/rest-server.service at 9f8bb0c87c93f02999723b824d0129a57652b1ab · restic/rest-server · GitHub once 0.14.0 is released.
The old behavior is that files are at most accessible by the current user. As a UMask can only further restrict the file permissions, it doesn’t matter which UMask is used for 0.13.0.
In regards to Umask…the link you point to is contradictory
The comment line says set Umask to 007, but the actual code line is set Umask to 077.
Which is it?
That comment is not a description for UMask=077 but rather an instruction what to change for group accessible repositories.