User friendly restore

Hi to all,

I am currently using restic from the viewpoint of an administrator who is able to login via ssh and work on the commandline.

I do have a friend who is looking for some kind of server based backup that makes a backup of windows machines. The idea is to export the data drives of the Windows Workstations as shares and mount them on the Debian box and then run restic on this mounted drives. I do know that there is a windows client but I would like to stay away from software installation on the clients.

So I believe we are all set for the backup part.

I would like to get some feedback on my approach for the restore of single files. My approach is:

  • Login via putty and start a bash script that mounts the last restic snapshot in a “restore directory”
  • Installation of samba and create a share with that “restore directory”

So in case of a needed restore someone could log into the restic server and expose the backups with a single command and access all data via a network mounted

What cant be done with this approach is to go back in time and try to access a specific snapshot

Anything I am missing?

If you mount the backups without any flags you will have access to all snapshots, including a symlink to the latest snapshot.

Make sure that file permissions (ACLs) are correctly saved and restored. Make sure that your backup script can handle errors e.g. when the client is offline and you can’t mount the share.

Please remember that while ACL are saved and restored, they aren’t enforced by the Kernel in a file system mounted with fuse. Even normal user permissions (e.g. a file only readable by root) are not enforced in fuse. So make sure that users cannot access any data they can not already access the regular way.

The idea is to only allow a restore for a person with “special privilege”. I am talking about a small company with 6 office employees and 3 desktops where the owner would do this.