WARNING drop_privileges: setgroups(1, 0) failed: Operation not permitted #492
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#492
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
Actually this is not borgmatic error, I just wanted a support on using 'mail' command inside config.yaml hooks section.
this is what my config.yaml looks like:
and am getting this error:
WARNING drop_privileges: setgroups(1, 0) failed: Operation not permitted
I could execute this command from random .sh script file but inside borgmatic it is showing this the above error. I apperciate someone help me with this. Thank you.
Steps to reproduce (if a bug)
Include (sanitized) borgmatic configuration files if applicable.
Actual behavior (if a bug)
Include (sanitized)
--verbosity 2
output if applicable.Expected behavior (if a bug)
Other notes / implementation ideas
Environment
borgmatic version: [version here]
Use
sudo borgmatic --version
orsudo pip show borgmatic | grep ^Version
borgmatic installation method: [e.g., Debian package, Docker container, etc.]
Borg version: [version here]
Use
sudo borg --version
Python version: [version here]
Use
python3 --version
Database version (if applicable): [version here]
Use
psql --version
ormysql --version
on client and server.operating system and version: [OS here]
Where are you seeing the error? And how are you running borgmatic when it occurs? If you're using systemd, I'm guessing that your systemd configuration has locked down permissions such that the borgmatic process can't run the
mail
hook. Could I get a look at your systemd borgmatic service configuration? Thanks.I checked the error from journactl output of borgmatic.serviec. Am running borgmatic using systemd and I barely changed example config of borgmatic.service.
https://paste.centos.org/view/9083c5d4 this my borgmatic.service file.
My guess here based on the error message is that
ProtectControlGroups=yes
is interfering. So you could try commenting that out and reloading the systemd service (sudo systemctl daemon-reload
andsudo systemctl restart borgmatic
). If that doesn't solve it, you could try commenting out the system service security options (everything fromLockPersonality
toCapabilityBoundingSet
, inclusive) to see if any of those are causing your particular issue.Thank you so much it worked for me when I commented out CapabilityBoundingSet property. I think it eases up the security to run other commands.
Glad to hear it's working for you now! I'll add a comment in the sample systemd service file about this.