首页 发现 帮助
登录
mirrors
/
borg
镜像自地址 https://github.com/borgbackup/borg
2
0
派生 0
文件 工单管理 0 Wiki
目录树: 9973296c09
分支列表 标签列表
borg
/
docs
/
deployment
/
non-root-user.rst

non-root-user.rst 2.4 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. .. include:: ../global.rst.inc
    2. 

  2. .. highlight:: none
    3. 

  3. .. _non_root_user:
    4. 

  4. 

  5. ================================
    6. 

  6. Backing up using a non-root user
    7. 

  7. ================================
    8. 

  8. 

  9. This section describes how to run Borg as a non-root user and still be able to
    10. 

  10. back up every file on the system.
    11. 

  11. 

  12. Normally Borg is run as the root user to bypass all filesystem permissions and
    13. 

  13. be able to read all files. But in theory this also allows Borg to modify or
    14. 

  14. delete files on your system, in case of a bug, for example.
    15. 

  15. 

  16. To eliminate this possibility, we can run Borg as a non-root user and give it read-only
    17. 

  17. permissions to all files on the system.
    18. 

  18. 

  19. 

  20. Using Linux capabilities inside a systemd service
    21. 

  21. =================================================
    22. 

  22. 

  23. One way to do so is to use Linux `capabilities
    24. 

  24. <https://man7.org/linux/man-pages/man7/capabilities.7.html>`_ within a systemd
    25. 

  25. service.
    26. 

  26. 

  27. Linux capabilities allow us to give some of the privileges that the root user has to
    28. 

  28. a non-root user. This works on a per-thread level and does not grant these permissions
    29. 

  29. to the non-root user as a whole.
    30. 

  30. 

  31. For this, we need to run our backup script from a systemd service and use the `AmbientCapabilities
    32. 

  32. <https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#AmbientCapabilities=>`_
    33. 

  33. option added in systemd 229.
    34. 

  34. 

  35. A very basic unit file would look like this:
    36. 

  36. 

  37. ::
    38. 

  38. 

  39.     [Unit]
    40. 

  40.     Description=Borg Backup
    41. 

  41. 

  42.     [Service]
    43. 

  43.     Type=oneshot
    44. 

  44.     User=borg
    45. 

  45.     ExecStart=/usr/local/sbin/backup.sh
    46. 

  46. 

  47.     AmbientCapabilities=CAP_DAC_READ_SEARCH
    48. 

  48. 

  49. The ``CAP_DAC_READ_SEARCH`` capability gives Borg read-only access to all files and directories on the system.
    50. 

  50. 

  51. This service can then be started manually using ``systemctl start``, a systemd timer or other methods.
    52. 

  52. 

  53. Restore considerations
    54. 

  54. ======================
    55. 

  55. 

  56. When restoring files, the root user should be used. When using the non-root user, borg extract will
    57. 

  57. change all files to be owned by the non-root user. Using borg mount will not allow the non-root user
    58. 

  58. to access files that it would not have access to on the system itself.
    59. 

  59. 

  60. Other than that, the same restore process that would be used when running the backup as root can be used.
    61. 

  61. 

  62. .. warning::
    63. 

  63. 

  64.     When using a local repo and running borg commands as root, make sure to only use commands that do not
    65. 

  65.     modify the repo itself, like extract or mount. Modifying the repo using the root user will break
    66. 

  66.     the repo for the non-root user, since some files inside the repo will now be owned by root.
    67.