Re: [Duplicity-talk] permission denied

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] permission denied

From:	harry
Subject:	Re: [Duplicity-talk] permission denied
Date:	Tue, 16 May 2017 10:17:57 +0000

On Tue, 16 May 2017 11:38:53 +0200
"edgar.soldin--- via Duplicity-talk" <address@hidden> wrote:

> On 16.05.2017 11:06, harry via Duplicity-talk wrote:
> > Hi, 
> > 
> > I'm trying to use duplicity now to backup to a remote location
> > where an actual non-root user 'duplicity' (without the quotes) has
> > been created. This user has no permission to create directories at
> > the root level. Yet it seems duplicity wants to create the whole
> > target's path anew at every invocation. Of course this leads to a
> > lot of 'permission denied's.
> > 
> > Something like this (anonymised and edited for readability):
> > 
> > $ duplicity -v8 --ssh-askpass /rw
> > par2+pexpect+scp://duplicity@<IP>//path/to/backup/directory/duplicity/home/user
> > blah
> > blah
> > blah
> > Running 'sftp  -oServerAliveInterval=15 -oServerAliveCountMax=2
> > duplicity@<IP>' State = sftp, Before = 'duplicity@<IP>'s' 
> > State = sftp, Before = 'Connected to <IP>' sftp command: 'mkdir
> > "/path"' 
> > State = sftp, Before = 'mkdir "/path"
> > Couldn't create directory: Failure'
> > sftp command: 'cd "/path"'
> > State = sftp, Before = 'cd "/path"'
> > sftp command: 'mkdir "to"'
> > State = sftp, Before = 'mkdir "to"
> > Couldn't create directory: Failure'
> > etc
> > etc
> > 
> > It appears to me that duplicity requires remote-root rights by
> > trying to create the remote path.
> > 
> > Is there a possibility to tell duplicity to just *check* whether
> > the path exists and to only create (mkdir) the parts that don't
> > (yet) exist?
> 
> probably, it's just nobody implemented that yet.
> 
> the backend simply tries to mkdir to make sure the folder needed is
> there. usually that's not an issue. do these "errors" also show up
> when not using extra verbosity? 

The error that I get when I give the credentials of a non-root user 
without verbosity is:

Attempt 1 failed. BackendException: Error running 'sftp
-oServerAliveInterval=15 -oServerAliveCountMax=2
duplicity@<IP>': Permission denied

> > Then the administrator can create a 'zone' for duplicity to work in 
> > and where it can have rights to create directories, without having 
> > to expose the root of the drive to a non-root deserving external
> > user.
> > 
> 
> you may want to try the lftp+sftp:// backend, which has a test for
> folder and create only if missing routine. it needs lftp installed,
> which uses the cmd line ssh binaries internally.

That seems to work, thanks.

Harry


> ..ede/duply.net
> 
> 
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] permission denied, harry, 2017/05/16
- Re: [Duplicity-talk] permission denied, edgar . soldin, 2017/05/16
  - Re: [Duplicity-talk] permission denied, harry <=

Prev by Date: Re: [Duplicity-talk] Fwd: duplicity including files in backup that have not changed?
Next by Date: [Duplicity-talk] duply/duplicity seems to explode with GnuPG 2.1.21
Previous by thread: Re: [Duplicity-talk] permission denied
Next by thread: [Duplicity-talk] duply/duplicity seems to explode with GnuPG 2.1.21
Index(es):
- Date
- Thread