I have Duplicati (latest) running on Raspberry Pi OS (Bookworm, latest) with a docker container.
I want to use Duplicati to back up all my docker-related directories (compose files + volumes). All these folders/files are located within the home directory /home/username
:
/username
/docker
/compose
/app/compose.yaml
/volumes
/app/various created volume files
If I accept the standard - PUID=1000; - PGID=1000
as suggested in the compose file for Duplicati, I run into access errors for all volumes for installed apps simply because they are not owned by the user. Some folders/files are owned by root, others by some other user created by the app (e.g., PiHole). I get warning errors, of which the following is an example:
2024-10-28 23:52:29 +00 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: /source/home/username/docker/volumes/adguard/work/data/
UnauthorizedAccessException: Access to the path '/source/home/username/docker/volumes/adguard/work/data' is denied.
If I ignore UID:GID settings, Duplicati runs as a default 911:911, which seems to be the docker group. However, this group does not have access privileges to the folders/files within the username directory so a backup task cannot be created because no source subfolders are visible.
If I specify UID:GID of 0:0 (i.e., root), there are no access issues and the entire filesystem is accessible. But this seems a bit extreme, perhaps with security implications. There are very few other posts on this topic; the duplicati image is different from linuxserver’s and does not use what seems to be a linuxserver specification of UID:GID 1000:1000.
I cannot change the ownership of folders/files within the app-created volumes without running into other problems. So is it root acess after all?
I’d appreciate some advice.
Thanks,
Ric