Duplicati cannot access docker compose-backup folders

  • Hi, I'm fairly new to OMV, Docker (compose) and Linux. So sorry in advance if I don't get all the terminology right.


    I am currently running Paperless-ngx and duplicati via the Docker compose plugin on Openmediavault 7.7.24-7.


    To back up all Paperless files, I use the compose schedule to stop the paperless containers and then run the compose backup feature. The docker backup folder is then backed up to another drive using BorgBackup, which is working fine, because as far as I can tell it is running as root.
    I then wanted to do the same using duplicati (running in another container) but duplicati cannot access the redis and postgres folders, because they are not created by the paperless user and instead by the openmediavault-webgui and get assigned the group "root". The reason for me wanting to use duplicati is that I want to send the backup to my offsite (externally hosted) nextcloud using WebDAV.


    This is the docker_backup-folder after the backup has run:

    1 = redis, 2 = postgres

    (size and dates were removed to make it more readable)

    Bash
    drwxrws---+  2 root                  users   0
    drwxr-sr-x+  2 openmediavault-webgui root    1
    drwx------+ 19 openmediavault-webgui root    2
    drwxr-sr-x+  4 paperless-ngx         users   3
    drwxr-sr-x+  4 paperless-ngx         users   4
    drwxr-sr-x+  2 paperless-ngx         users   5
    drwxrwsr-x+  2 paperless-ngx         users   6


    It temporarily worked when I used (recursive) ACLs on the docker_backup folder, but when the Compose-Backup runs again, it overwrites these settings, breaking the duplicati access. I kind of got around the problem by just running the duplicati-container with PUID=0 PGID=0, instead of the appuser duplicati. But from what I read about docker, running containers with a root user is problematic. I also tried backing up the BorgBackup-Folder, but with essentially the same problem.


    I would be grateful for any help or alternative suggestions on how to send this backup to nextcloud, thanks! If you need more information please let me know.

  • macom

    Approved the thread.
  • Just wanted to let you know that (I think) I found a fix.


    Since the compose backup allows pre- and post-backup-scripts I just let it execute the following script to give the user duplicati (1003) read/traverse rights after every backup.


    Bash: fix-docker-backup-acl.sh
    #!/bin/sh
    set -eu
    
    BACKUP_DIR="/srv/dev-disk-by-uuid-XXXX/docker_backup"
    
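    # Give uid 1003 (duplicati) read access recursively. The capital X adds
    # execute only on directories (traverse) and on files that are already executable.
    setfacl -R -m u:1003:rX "${BACKUP_DIR}"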


    This way, duplicati gets read rights but without having to change the owner or the group, potentially breaking the container after a restore from the backup. Not sure if this works consistently but so far it looks promising.

    Please let me know what you think of this fix. I'm not sure if the execute rights are strictly necessary but the folder is mounted to the container as read only anyway.


    BE CAREFUL BEFORE USING THIS SCRIPT: CHANGING PERMISSIONS OF DOCKER FOLDERS CAN QUICKLY DESTROY THE CONTAINERS (ask me how I know...)

  • bobby2

    Added the Label resolved
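A way to check whether the post-backup ACL script above actually left uid 1003 with usable rights, as an added example that is not part of the original thread: it parses `getfacl -n` output and applies the ACL mask, since a named-user entry can be present and still be ineffective when the mask has been narrowed (for example by a later chmod). The function names `acl_gaps` and `sample_acl`, the owner uid 999 and the `/srv/example/...` paths are constructed for illustration.

```shell
# Added example, not from the thread. Reads `getfacl -n` text on stdin and prints
# "<effective perms><TAB><path>" for every path where UID lacks NEED.
# Assumption: only owner and named-user entries are evaluated (group/other ignored).
acl_gaps() {  # usage: acl_gaps UID NEED   (NEED: "r" for files, "rx" for directories)
    awk -v uid="$1" -v need="$2" '
    function masked(perms, mask,   i, out) {   # named-user entry limited by the mask
        for (i = 1; i <= 3; i++)
            out = out (substr(mask, i, 1) == "-" ? "-" : substr(perms, i, 1))
        return out
    }
    function report(   eff, i) {
        if (path == "") return
        eff = (owner == uid) ? ownerperm : (named != "" ? masked(named, mask) : "---")
        for (i = 1; i <= length(need); i++)
            if (index(eff, substr(need, i, 1)) == 0) { print eff "\t" path; return }
    }
    /^# file: /  { report(); path = substr($0, 9); owner = ""; named = ""; mask = "rwx"; next }
    /^# owner: / { owner = $3; next }
    /^#/ || /^default:/ || NF == 0 { next }
    { split($1, f, ":")
      if (f[1] == "mask") mask = f[3]
      else if (f[1] == "user" && f[2] == "") ownerperm = f[3]
      else if (f[1] == "user" && f[2] == uid) named = f[3] }
    END { report() }'
}
sample_acl() { cat <<'EOF'
# file: /srv/example/docker_backup/1
# owner: 999
user::rwx
user:1003:r-x
group::r-x
mask::r-x
other::r-x

# file: /srv/example/docker_backup/2
# owner: 999
user::rwx
group::---
other::---

# file: /srv/example/docker_backup/3
# owner: 999
user::rwx
user:1003:r-x       #effective:r--
group::---
mask::r--
other::---
EOF
}
sample_acl | acl_gaps 1003 rx   # constructed input: reports entries 2 and 3
```

On the real backup tree, run as root and feed it the output of `find "$BACKUP_DIR" -type d -exec getfacl -n -p {} +` with `rx`, and the same for `! -type d` with `r`. An empty result means every path has the required entry; because group and other entries are ignored, a reported path can still be readable through them.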
