Running restic commands as root

Hello. I’m trying to run restic commands as root but am plagued by:

Fatal: unable to open config file: Stat: Access Denied.
Is there a repository at the following location?

I’ve tried setting AWS_* env vars before every restic command but still get the same error. Running the commands without sudo works fine. Anyone know what’s going on?

sudo doesn’t preserve the environment by default:

[root@pc ~]# export FOO=bar
[root@pc ~]# sudo env | grep FOO
[root@pc ~]# sudo --preserve-env env | grep FOO
[root@pc ~]#

I wouldn’t use --preserve-env though. You might like the wrapper approach:

That’s exactly what I did as well. I have a script that has a bunch of relevant exports and called restic "$@" at the end. Here’s the script:

export BACKUP_INCLUDES='--files-from /local/home/hqkhan/.restic/includes --files-from /local/home/hqkhan/.restic/includes_private' 
export BACKUP_EXCLUDES='--exclude-file /local/home/hqkhan/.restic/excludes --exclude-file /local/home/hqkhan/.restic/excludes_private'
export AWS_DEFAULT_REGION=us-east-1
export RESTIC_PASSWORD='...'
export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials
restic "$@"

Invoked the script like so: sudo ./script snapshots resulting in the same error.

I wanted to have a systemd timer that invokes my service that runs restic backup. This service would run as root.

Hm. If it works without sudo this line stands out:

export AWS_SHARED_CREDENTIALS_FILE=~/.aws/credentials

Is there a /root/.aws/credentials?

1 Like

There’s no /root/.aws/credentials. AWS_SHARED_CREDENTIALS_FILE is supported by restic and actually defaults to that. I put it there just to be safe I guess. It holds the secret key and secret token stuff for AWS. I manually set the secret key stuff manually as well but it still did not work.

~ is evaluated in the context of the current user. That is if you run the script as root, it will look at /root/.aws/credentials.


Oh man. Thank you for that. That was it. Learned something new.

I missed what you were saying here. The ~ was definitely it. Thanks again