Rest-server repo syncing

saviodsouza · June 10, 2021, 11:32am

Rest-server syncing issues

I have installed rest-server.service on a ubuntu 20.04 everything is working fine…

#fstab LVM
/dev/restic/store /mnt/resticvolume/backup      ext4    defaults 0 0

[Unit]
Description=Rest Server
After=syslog.target
After=network.target

[Service]
Type=simple
User=www-data
Group=www-data
ExecStart=/usr/local/bin/rest-server --append-only --path /mnt/resticvolume/backup
Restart=always
RestartSec=5

# Optional security enhancements
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/mnt/resticvolume/backup

[Install]
WantedBy=multi-user.target

But I can’t use rclone or even cp to copy/sync data from the repo path.

$ pwd
/home/bob
$ cp /mnt/resticvolume/backup/config tmp/
cp: cannot open '/mnt/resticvolume/backup/config' for reading: Permission denied

Trying to fix I have tried
usermod -a -G www-data bob
not effective.
setfacl -Rm u:bob:rwx /mnt/resticvolume/backup/
The setfacl just gives access to existing data to user bob but when the next backup happens all new files are written with default permissions.

ll /mnt/resticvolume/backup/
total 52
drwxr-xr-x   8 www-data www-data  4096 Jun 10 07:04 ./
drwxr-xr-x   3 root     root      4096 Jun 10 05:02 ../
-rw-------   1 www-data www-data   155 Jun 10 07:04 config
drwx------ 258 www-data www-data  4096 Jun 10 07:04 data/
-rw-r--r--   1 root     root        66 Jun 10 05:18 .htpasswd
drwx------   2 www-data www-data  4096 Jun 10 07:09 index/
drwx------   2 www-data www-data  4096 Jun 10 07:04 keys/
drwx------   2 www-data www-data  4096 Jun 10 07:48 locks/
drwx------   2 root     root     16384 Jun 10 05:04 lost+found/
drwx------   2 www-data www-data  4096 Jun 10 07:48 snapshots/

With the obove output it looks like the group www-data is not getting any rwx permissions like the user www-data (that’s why the obove usermod doesn’t work)

Perpose

I want to use rclone to sync backups online. (run as user)
rclone sync -Pv /mnt/resticvolume/backup/ remotebackup

Workaround

To use restic copy not tested yet but i guess it should work.
If i use restic copy how will restic prune changes sync on the remote repo??

I prefer to use rclone sync as my first option. How do it fix permission for the restic repo???

zcalusic · June 10, 2021, 7:34pm

Hello @saviodsouza,

the simplest solution would be to run rclone as www-data user, too. Or, alternatively run rest-server as that other user, which needs to access the repo with rclone. Both ideas will work.

In any case, rest-server doesn’t really care under which user it runs, and there’s definitely nothing special about www-data user (just another user on the system with no special privileges).

Hope it helps.