This will run the backup script as the non-root user borg, but while running inside this service the script and thus the borg binary being called has the CAP_DAC_READ_SEARCH capability.
CAP_DAC_READ_SEARCH gives you read-only access to all directories and all files, ignoring all other filesystem permissions.
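A systemd service unit matching the description above, as an added example that is not part of the original comment or of the Borg documentation. The unit name, script path and directory paths are assumptions, and `AmbientCapabilities=` requires systemd 229 or later.

```ini
# /etc/systemd/system/borg-backup.service  (hypothetical unit name)
[Unit]
Description=Borg backup as non-root user with CAP_DAC_READ_SEARCH

[Service]
Type=oneshot

# Run the script, and the borg binary it calls, as the unprivileged account.
# Files borg writes (cache, security dir, config) are then owned by this user.
User=borg
Group=borg

# Hypothetical locations, owned by borg:borg.
Environment=BORG_CACHE_DIR=/var/lib/borg/cache
Environment=BORG_SECURITY_DIR=/var/lib/borg/security

# Ambient capabilities survive execve() of ordinary (non-setuid) binaries,
# so the script and every child it starts can read and traverse any path.
AmbientCapabilities=CAP_DAC_READ_SEARCH

# Restrict the bounding set to the same single capability so no child
# process can end up with anything broader.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
NoNewPrivileges=yes

# Hypothetical script path. Keep it root-owned and not writable by borg.
ExecStart=/usr/local/bin/borg-backup.sh
```

Because the capability lets this account read every file on the host, including credential stores, the script and anything it executes should be writable by root only. While the service runs, `grep Cap /proc/<pid>/status` and `capsh --decode=<mask>` show which capabilities the process actually holds.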
@stephan13360 can you check our docs if we already have something like that (iirc: no) and if not, make a PR against 1.4-maint branch? Guess that would help a lot of users.
Hello!
Have you checked borgbackup docs, FAQ, and open GitHub issues?
Honestly, no: I think this might be outside of Borg's scope (or not... ^^).
Is this a BUG / ISSUE report or a QUESTION?
Question.
Your borg version (borg -V).
borg-linuxold64 1.2.7 (standalone binary)
Operating system (distribution) and version.
OpenVZ 7 => ldd (GNU libc) 2.17 (yes, you read it right...)
Long story short 1
I would like to run Borg (create) as an unprivileged user (eg: borg-backup => uid 6666).
But I also need Borg to back up files owned by root (--stdin-user USER might help but not convenient).
Long story short 2
I need files present in [BORG_CACHE_DIR|BORG_SECURITY_DIR] to be owned by a non-root user (eg: borg-backup)
But I also need to run Borg using a script executed by "root" or "borg-backup" (uid 6666).
Long story short 3
I tried "Setgid bit" (Borg binaries and tgz), tried "sudo -u borg-backup -- borg-linuxold64" and some other stupid things...
Is there a clean way to invoke Borg to store internal data (config/cache/security) as a normal user while being able to save some files owned by root?
Please feel free to send me an RTFM and close this issue if I missed something.
Have a great night!