❯ restic version
restic 0.17.3 compiled with go1.23.3 on linux/amd64
Hi all, I am trying to use restic over SFTP. To start with, only running snapshots. I am getting Permission denied errors, which I don’t understand as I should have all permissions. Furthermore, mounting the same location with SSHFS and then running restic snapshots with the same options does work! This leaves me a bit confused, I thought ssfhs was just a wrapper over sftp? Are there some sort of permission differences between the two?
First, the output when trying to use sftp:
❯ restic snapshots -r sftp:francis@truenas.home:/mnt/main/backups/restic-1 --password-file password.txt
repository 95891bc5 opened (version 2, compression level auto)
Save(<lock/1161dc57f3>) failed: OpenFile: permission denied
unable to create lock in backend: OpenFile: permission denied
Interestingly, what I understand from the restic error is that it could not create the lock? However when I ls the locks directory in the repo (mounted using sshfs), I do see the lock was created:
❯ restic snapshots -r sftp:francis@truenas.home:/mnt/main/backups/restic-1 --password-file password.txt
repository 9ce4e894 opened (version 2, compression level auto)
Save(<lock/e6fb028c83>) failed: OpenFile: permission denied
unable to create lock in backend: OpenFile: permission denied
❯ ls ~/mnt/truenas-restic-1/locks/
e6fb028c8376142ff377fb5e1b8fee90267746e81da5dd6ebb959efc7fb7654e-restic-temp-88098707c19bfe77f25bce23c70c7c7c
Could this be a bug in restic? Is there a way to get more verbose output from restic? Even using --verbose=2 or -vv doesn’t give me anymore output.
(ssh'd on the remote machine)
francis@truenas:~$ ls -l /mnt/main/backups/restic-1/
total 111
-rwxrwx--- 1 francis francis 155 Mar 25 17:12 config
drwxrwx--- 258 francis francis 258 Mar 25 17:12 data
drwxrwx--- 2 francis francis 11 Mar 25 22:55 index
drwxrwx--- 2 francis francis 3 Mar 25 17:12 keys
drwxrwx--- 2 francis francis 9 Mar 25 22:55 locks
drwxrwx--- 2 francis francis 3 Mar 25 22:55 snapshots
francis@truenas:~$ ls -l /mnt/main/backups/restic-1/locks/
total 4
-rwxrwx--- 1 francis francis 0 Mar 25 17:36 38d10377329c42525ab31666a320931bd20f02f72d7d0ddfe763f8a7ec21f013-restic-temp-aa90150a4510a4c1f71f6706d6959c55
-rwxrwx--- 1 francis francis 0 Mar 25 17:36 4f3cd333c59a228a1ada45f12adf7f08dccaa485c6c8fc21343ca1b7da80660b-restic-temp-4044dc731b055a781e0081907e34c8d4
-rwxrwx--- 1 francis francis 0 Mar 25 17:34 55e16be028fe0b444fa207056ec139c7c3cd96e67b1b53de306567dce44c9f45-restic-temp-ce18b2a94418da8c0dfedbfc4b9029ce
-rwxrwx--- 1 francis francis 0 Mar 25 17:34 a301fda6c7c0aeb6ec08a138430b0deeb489d3f047566a7bb17ef94377e0b81a-restic-temp-3f9096a4934d8677e8f8f1e4310c3508
-rwxrwx--- 1 francis francis 0 Mar 25 17:35 a58e532d987f31a2eada5a1046bf3926e1b39e9558a461f1ba54e70d3d29b730-restic-temp-ac15a8d8cda906a7556c7c6926844804
-rwxrwx--- 1 francis francis 0 Mar 25 17:34 ad7ff6c490eb26e1c4ebc0a38518c25f6ad54f5c4ba91761f8db1089d79490ae-restic-temp-7bb1fc56ec40e7c4bb92229f14bcaed9
-rwxrwx--- 1 francis francis 0 Mar 25 17:15 e6fb028c8376142ff377fb5e1b8fee90267746e81da5dd6ebb959efc7fb7654e-restic-temp-88098707c19bfe77f25bce23c70c7c7c
All those locks are from me trying to run restic snapshots with sftp: as above.
OK I mostly figured it out. The short version is: change the ACL mode on the Truenas dataset from Restricted to Passthrough. I can now run restic snapshots without an error (and restic backup, too!).
Yes, restic restricts the file permissions to only allow the owner read/write access to the data in the repository. Restic 0.18.0 (should be released any minute now) will provide better error messages for the SFTP backend.