Snapshots still not readable for others

The documentation says, I quote: “Since restic version 0.14 local and SFTP repositories can be made accessible to members of a system group. To control this we have to change the group permissions of the top-level config file and restic will use this as a hint to determine what permissions to apply to newly created files. By default restic init sets repositories up to be group inaccessible.”

So back on October 19, I set permissions to 444:

$ ls -l restic_repo/config
-r--r--r-- 1 root root 155 Oct 19 04:05 restic_repo/config

Today I realized permissions are still wrong, even though the server has been restarted several times since October 19:

$ ls -l restic_repo/data/1e/1e4e2f220545f7806df27939b1ab837a4951907d313c13136e84495f7500ac70
-r--r----- 1 root root 16969583 Nov 14 10:03 restic_repo/data/1e/1e4e2f220545f7806df27939b1ab837a4951907d313c13136e84495f7500ac70

Version:

$ restic version
restic 0.17.1 compiled with go1.23.1 on linux/amd64

What am I missing?

From the documentation, I am assuming that if config has permission 444, then all snapshots should be readable for all. This is not the case?

It applies to group permissions. As you quoted from docs.

Yes. I can be a terribly sloppy reader.

Set up a group backup now, and that solves the issue.

3 Likes