Permission denied does not result in failure (Continuation of #486) #709
Labels
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
No Milestone
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: borgmatic-collective/borgmatic#709
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
What I'm trying to do and why
Trying to setup a gitlab backup process (though this issue is not gitlab-specific)
Steps to reproduce (if a bug)
gitlab.yml
Dockerfile:
Actual behavior (if a bug)
borg setup:
borgmatic init --encryption repokey --verbosity 2 --config gitlab.yml
borgmatic:
borgmatic create --verbosity 1 --list --stats --config gitlab.yml
results inExpected behavior (if a bug)
Permission denied error should result in hard exit, imo.
I realize that I could run borgmatic as sudo. Yet, I'd rather fix my permissions between docker and gitlab. I understand the tutorial always suggests using sudo, however this issue may arise in other instances as well.
Other notes / implementation ideas
Seems like the patch that fixed #486 should be applicable here.
Environment
borgmatic version: 1.7.14
borgmatic installation method: pip
Borg version: 1.15
Python version: 3.8.10
operating system and version: Ubuntu 20.04
Thanks for taking the time to file this and provide a detailed description. I think what's going on here, and the reason that #486 doesn't solve this, is because the changes in #486 only look at the top-level source directory paths; they don't recurse into subdirectories. And in your particular example, you've got
/home/julian/gitlab/logs
in your source directories, but Borg is erroring on/home/julian/gitlab/logs/alertmanager
and adjacent files.So I'll have to look into how feasible recursing would be to solve this. I have a vague memory that we might already do it for some unrelated use cases.
I tested the same with a barebones borg command:
borg create --verbose --stats test::archive-{hostname}-{now} /home/julian/gitlab/
, and, as expected, I didn't really get a clear (written) indication from borg that the backup failed. However, the exit code was 1.Thinking about it further...Why not check for the exit code instead? Sure, borgmatic could check permissions on every single file, but that just adds complexity in the end.
From Borg's perspective, exit code 1 is a warning and 2+ is an error. If borgmatic decides to error whenever Borg exits with a code of 1, that will cause many warnings to get elevated to errors. So unfortunately the complexity in borgmatic may be the best option here if we really need some functionality Borg doesn't provide.
Understood.
I may open an issue at the borg repo as well. I could suggest elevating permission errors to 2+.
This should be the relevant section, if I'm not mistaken. Do you think opening each file in huge backups could create some issues down the line?
That would be great. If you do so, feel free to link the issue from here. Borg taking care of this would be a cleaner approach IMO.
Yes, that's the relevant code I was thinking of. I do think there is some performance risk of opening each file recursively, although I could see potentially hiding that behind an option instead of making the recursive opens the default behavior.
Hi. A relevant borg issue on this regarding potential breaking changes to return codes.
I think it would be really helpful to add an option to borgmatic regarding this. Something along the lines of
This could translate directly to this variable, which would probably make implementation easier while not changing default behaviour.
There has to be a way to notify me when a backup did not actually successfully include all files, right?
I'm not sure that would be sufficient for many users given that Borg issues warnings (exit code 1) for many other situations than permission denied. For instance, on
borg create
, Borg returns exit code 1 whenever a file changes while it's being read (assuming that retries that don't take care of that). This can happen on log files or other frequently changing files. And that's just one particular example of Borg's warnings.So the two remaining classes of solutions I can see are:
borg create
to enumerate all source files. Then make sure each one is actually readable. If any are not, error. This has the downside of time-of-check / time-of-use discrepancies. And performance, I guess, but we already pay that cost with a similar approach when looking for special files to auto-exclude.borg create
optimistically, but then optionally (or by default) parse Borg's output to look for permissions denied warnings. If any are found, error. This has the downside of having to parse Borg output, which borgmatic for the most part isn't in the business of doing.I think that #798 is probably the right solution to this issue, so I'll close this ticket (#709) accordingly. The downside is it'll require Borg 1.4.0+ (not yet a stable release at the time of this comment).