Is there a way to tell restic to set the repository files it writes over sftp to have a certain user id and/or group id?
My situation is that I have a server, where the user belongs to several groups and I would like restic to write all files as one of the groups the user belongs to.
On the remote side, you just need to set everything to be owned by the correct group and then chmod all of the directories to have the setgid bit. This causes all files and directories created under that directory to be owned by the group the directory is owned by, and all directories are automatically created with the setgid bit, so the configuration will automatically inherit to newly-created directories.
Ah, yes, restic intentionally operates with a forced umask of 0077. I even created a forum thread about this, so it’s a bit silly of me to forget that.
IMO restic should defer to the umask when writing repository files but I don’t know if @fd0 is open to that change. “Secure by default” is reasonable, but the current approach is also unreasonably limiting for system administrators who know what they are doing.
I like that the default is secure, for sure.
I’d like to have a possibility to specify gid and uid from the restic commandline, as an optional parameter, would that be something worth implementing @fd0? If so - I could probably find some time to do the implementation myself later.
I don’t think setting the uid/gid manually is necessary since you can use the setgid bit as I described. However, we need a way for restic to create files with a user-supplied umask (or use the process umask) instead of forcing a umask of 0077.
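The interaction discussed in this thread, as an added example that is not from any of the posters or from restic itself: a setgid directory passes its group on to new files and subdirectories, but a umask of 0077 still strips every group permission bit, while 0027 leaves group read access. It assumes Linux with a `stat` that supports `-c`; `pick_gid`, `demo` and the temporary directory with its `config` and `data` entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: setgid directory inheritance versus a forced umask.
# Assumption: Linux with GNU or BusyBox stat (-c). All paths are temporary.

# Print "<octal mode> <gid>" for a path.
mode_gid() { stat -c '%a %g' "$1"; }

# Pick the last group of the current user that chgrp accepts here
# (falls back to the primary group).
pick_gid() {
    probe=$(mktemp -d) || return 1
    chosen=$(id -g)
    for g in $(id -G); do
        if chgrp "$g" "$probe" 2>/dev/null; then chosen=$g; fi
    done
    rm -rf "$probe"
    echo "$chosen"
}

# Create a setgid directory owned by group $1, then create a file and a
# subdirectory inside it under umask $2. Prints "<name> <mode> <gid>" lines.
demo() {
    gid=$1; mask=$2
    repo=$(mktemp -d) || return 1
    chgrp "$gid" "$repo" || return 1
    chmod 2770 "$repo" || return 1      # rwxrwx--- plus the setgid bit
    (
        umask "$mask"                   # confined to this subshell
        : > "$repo/config"              # new file: 0666 masked by umask
        mkdir "$repo/data"              # new dir: 0777 masked, setgid inherited
    )
    echo "repo $(mode_gid "$repo")"
    echo "config $(mode_gid "$repo/config")"
    echo "data $(mode_gid "$repo/data")"
    rm -rf "$repo"
}

shared_gid=$(pick_gid)
echo "umask 0077 (group inherited, but no group permission bits):"
demo "$shared_gid" 0077
echo "umask 0027 (group inherited, group can read):"
demo "$shared_gid" 0027
```
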