Run borgmatic as non-root user & read password from a file (Questions) #68
Reference: borgmatic-collective/borgmatic#68
How can I start borgmatic as non-root user?
I can set a password in /etc/borgmatic/config.yaml and it works but I would like borgmatic to read the password from a file. I tried with this:
storage:
export BORG_PASSCOMMAND="cat /home/myuser/.borg-passphrase"
but it didn't work. How can it be done?
Just do it! Run borgmatic manually as a non-root user. Or, if you like, use the user's own crontab. Since a non-root user won't typically have access to /etc/borgmatic, you'll probably want to specify an alternate config file path with the -c/--config option. Let me know if you have any problems with non-root usage.
There's an encryption_passcommand: option in the storage section of borgmatic's configuration file. I would expect this to do what you're looking for:
However, note that under the hood, this just constructs the BORG_PASSCOMMAND environment variable as you've already tried. So if that's not working, perhaps this is an issue with Borg? Have you tried increasing the verbosity level to see if Borg is picking up that environment variable and consuming it?
"Just do it! Run borgmatic manually as a non-root user. Or, if you like, use the user’s own crontab. Since a non-root user won’t typically have access to /etc/borgmatic, you’ll probably want to specify an alternate config file path with the -c/--config option. Let me know if you have any problems with non-root usage."
I did run it as a non-root user but it seems that borgmatic still has created the archives as root since I didn't have access as normal user to the repo. I would like to use systemd with timer.
I have created a new config file with:
generate-borgmatic-config --destination /home/jose/.borgmatic/home.yaml
renamed the first config file to /etc/borgmatic/config.yaml.bak and tried to run borgmatic again. Now I'm getting this error:
$ borgmatic -v 2
Ensuring legacy configuration is upgraded
Error: No configuration files found in: /etc/borgmatic/config.yaml /etc/borgmatic.d
If borgmatic, run as a non-root user, doesn't have access to a repo because it's owned by root, that probably means the repo was created by the root user. If there's nothing in it, I'd recommend deleting the repo and recreating it as a non-root user.
As for the most recent error, I think you need to provide borgmatic with the --config option plus your config filename, so that borgmatic knows where to find your non-root configuration file. If you don't provide that, borgmatic looks in /etc/borgmatic/ by default.
"If borgmatic, run as a non-root user, doesn’t have access to a repo because it’s owned by root, that probably means the repo was created by the root user. If there’s nothing in it, I’d recommend deleting the repo and recreating it as a non-root user."
The repo was not created by the root user but something went wrong, I don't know what, and the permissions of some borg files changed from normal user to root user.
borgmatic/systemd seems to be creating backups normally (I can list them) but when I run:
~ borgmatic --verbosity 2 --config /home/jose/.borgmatic/home_jose.yaml
I'm getting an error:
/home/jose/.borgmatic/home_jose.yaml: Running command for on-error hook
/home/jose/.borgmatic/home_jose.yaml: Hook command: echo "Error while creating a backup."
Error while creating a backup.
Command '('borg', 'create', '/mnt/BACKUPS/Borg/home/::{hostname}-home-backup-{now:%Y%m%d-%H%M%S}', '/home/jose', '--exclude-from', '/mnt/BACKUPS/borg_exclude.txt', '--exclude-caches', '--exclude-if-present', '.nobackup', '--compression', 'lz4', '--one-file-system', '--lock-wait', '5', '--debug', '--list', '--stats')' returned non-zero exit status 1.
A few different ideas to help with debugging:
borg create /mnt/BACKUPS/Borg/home/::{hostname}-home-backup-{now:%Y%m%d-%H%M%S} /home/jose --exclude-from /mnt/BACKUPS/borg_exclude.txt --exclude-caches --exclude-if-present .nobackup --compression lz4 --one-file-system --lock-wait 5 --debug --list --stats
1. I run the following without getting any errors:
borg create -spv --compression lz4 --list --exclude-caches --exclude-if-present .nobackup --exclude-from '/mnt/BACKUPS/borg_exclude.txt' --one-file-system --lock-wait 5 --debug --list --stats /mnt/BACKUPS/Borg/home/::mybackup-{now:%Y%m%d-%H%M%S} /home/jose/
2. Already tried that. This is what I get:
check_free_space: required bytes 232765978, free bytes 1238147207
security: saving state for … to /home/jose/.config/borg/security/…
security: current location /mnt/BACKUPS/Borg/home
security: key type 3
3. My borgmatic config file:
location:
Given that Borg appears to be running without errors, but borgmatic thinks it's erroring, my recommendation would be to run that bare Borg command by itself again, and then immediately after:
echo $?
to see its numeric exit code. If it's non-zero, then that would explain why borgmatic thinks it's erroring. And then we can look up that exit code in Borg documentation or source to see what the code is indicating.
If the exit code is just zero, then something really weird is going on.
I ran borg again and after it has finished I did echo $?. The exit code is 1.
So borgmatic isn't the cause of the error. Any ideas how can I check what is causing the error?
I was hoping for a more exotic error code like 255 or something, so we could look that up. Given that you're just getting 1, I recommend doing one of two things:
File a Borg support ticket with your reproduction steps, plus the actual behavior (exit code 1) and the expected behavior (exit code 0).
See if there's anything you might be missing in the raw Borg output that indicates an error is occurring. Looks like you've already got --debug on, so that's good. You might try removing the -v flag in case that's overriding --debug.
A permission issue was causing exit code 1. It's OK now. Thanks!
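The thread ends with a permission problem (Borg files that had become owned by root) behind exit code 1, and starts with a passphrase kept in a file. As an added example that is not part of the thread or of borgmatic, this shell sketch checks both before a non-root run; the function names are hypothetical, and the paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up for this sketch.

# List everything under the given directories that the current user does not own.
# Root-owned files inside a user's repo or Borg state directory are what a
# stray root run leaves behind. An unreadable subdirectory is itself printed,
# so errors from descending into it are ignored.
foreign_owned() {
    for dir in "$@"; do
        if [ -e "$dir" ]; then
            find "$dir" ! -user "$(id -u)" -print 2>/dev/null || true
        fi
    done
    return 0
}

# Succeed only if the passphrase file is a regular file we own with no
# group/other permission bits (for example mode 600 or 400).
passfile_private() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -u)" -print)" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight PASSFILE DIR...: report problems on stderr, non-zero if any.
preflight() {
    passfile=$1; shift
    rc=0
    if ! passfile_private "$passfile"; then
        echo "passphrase file missing, not ours, or open to others: $passfile" >&2
        rc=1
    fi
    bad=$(foreign_owned "$@")
    if [ -n "$bad" ]; then
        echo "not owned by uid $(id -u):" >&2
        echo "$bad" >&2
        rc=1
    fi
    return "$rc"
}

# Usage with the thread's paths:
#   preflight /home/myuser/.borg-passphrase /mnt/BACKUPS/Borg/home /home/jose/.config/borg \
#     && borgmatic --verbosity 2 --config /home/jose/.borgmatic/home_jose.yaml
```

Running it from the same systemd user unit or crontab entry that starts borgmatic checks the account that will actually perform the backup.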