Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom user/group/chmod of file copied in archive #114

Closed
Fratt opened this issue Jun 24, 2022 · 11 comments · Fixed by #115
Closed

Custom user/group/chmod of file copied in archive #114

Fratt opened this issue Jun 24, 2022 · 11 comments · Fixed by #115
Labels
support Support Requests

Comments

@Fratt
Copy link

Fratt commented Jun 24, 2022
edited
Loading

Hello,

Is it possible to define the user/group/chmod of the file that's copied to /backups ?

It's currently root:root, with chmod -rw-r--r--, but I'm trying to end up with john:john with chmod -rw-r-----

Thanks a lot in advance!
@m90
Copy link
Member

m90 commented Jun 24, 2022

This is probably similar to #36

If your scenario allows changing ownership / permissions after the archive has been copied, I would assume you can run chown/chmod commands in a exec-post command.

@m90 m90 added the support Support Requests label Jun 24, 2022
@Fratt
Copy link
Author

Fratt commented Jun 24, 2022

The problem with exec-post is that I'm backuping multiple volumes from multiple containers at the same time : on which container would I put that exec-post label ?

@m90
Copy link
Member

m90 commented Jun 24, 2022

If I'm not mistaken, you should be able to use a exec-post command on the docker-volume-backup container itself (only 93% sure about the possible side effects of this).

@Fratt
Copy link
Author

Fratt commented Jun 24, 2022
edited
Loading

I tried, but unfortunately the command is ran too early (for my tests, I put the label docker-volume-backup.exec-post=/bin/sh -c 'touch /backups/win')

time="2022-06-24T23:16:23+02:00" level=info msg="Stopping 2 container(s) labeled `docker-volume-backup.stop-during-backup=true` out of 18 running container(s)."
time="2022-06-24T23:16:33+02:00" level=info msg="Created backup of `/backup` at `/tmp/backup-2022-06-24T23-16-23.tar.gz`."
time="2022-06-24T23:16:34+02:00" level=info msg="Restarted 2 container(s) and the matching service(s)."
time="2022-06-24T23:16:34+02:00" level=info msg="Running docker-volume-backup.exec-post command /bin/sh -c 'touch /backups/win' for container backup"
time="2022-06-24T23:16:35+02:00" level=info msg="Encrypted backup using given passphrase, saving as `/tmp/backup-2022-06-24T23-16-23.tar.gz.gpg`."
time="2022-06-24T23:16:35+02:00" level=info msg="Stored copy of backup `/tmp/backup-2022-06-24T23-16-23.tar.gz.gpg` in local archive `/backups`."
time="2022-06-24T23:16:35+02:00" level=info msg="None of 15 existing local backup(s) were pruned."
time="2022-06-24T23:16:35+02:00" level=info msg="Removed tar file `/tmp/backup-2022-06-24T23-16-23.tar.gz`."
time="2022-06-24T23:16:35+02:00" level=info msg="Removed GPG file `/tmp/backup-2022-06-24T23-16-23.tar.gz.gpg`."
time="2022-06-24T23:16:36+02:00" level=info msg="Finished running backup tasks."

Would have worked if exec-post was executed after the encryption with a passphrase

@Fratt
Copy link
Author

Fratt commented Jun 24, 2022

Well I will probably burn in hell, but this did the trick:
docker-volume-backup.exec-post=/bin/sh -c 'sleep 15 && chown 1000:1000 /backups/* && chmod 640 /backups/* &'

@m90
Copy link
Member

m90 commented Jun 25, 2022

Interesting. I wonder if this is to be considered a bug as running the post-commands when applied to the container instance itself doesn't make much sense before GPG encryption and all other optional behavior has happened. Then again people might already rely on that behavior so another option would be adding a specific POST_COMMAND and PRE_COMMAND to the config itself.

I'll have to think about this a little.

@m90
Copy link
Member

m90 commented Jun 29, 2022
edited
Loading

So after that little bit of thinking ™️ this might be the best way to solve this:

Instead of having one docker-volume-backup.exec-[pre|post] label which is very vague, the following labels are introduced:

  • docker-volume-backup.archive-[pre|post]
  • docker-volume-backup.encrypt-[pre|post]
  • docker-volume-backup.copy-[pre|post]
  • docker-volume-backup.prune-[pre|post]

which allows very fine grained control and would also solve the use case described in this issue.

The docker-volume-backup.exec-[pre|post] label is deprecated (it would still work but log a warning) and maps to docker-volume-backup.archive-[pre|post]

Note to self: adding this will make implementing #95 even harder.

@m90
Copy link
Member

m90 commented Jun 29, 2022

@Fratt Not sure how and when this will be merged, but in case you want to test it (escape hell, too) there's a branch that is using the approach described above which you could build yourself and run.

You'd have to use the docker-volume-backup.encrypt-post label instead which should run the command after encryption has happened.

@m90 m90 mentioned this issue Jun 30, 2022
Merged
@Fratt
Copy link
Author

Fratt commented Jun 30, 2022

Thanks @m90 , you're the best!

I'll test it when it's been merged.

@m90 m90 closed this as completed in #115 Jul 10, 2022
@m90
Copy link
Member

m90 commented Jul 10, 2022
edited
Loading

This is now released in v2.20.0

@Fratt
Copy link
Author

Fratt commented Jul 10, 2022

Thank you, I can confirm that everything works as expected using

docker-volume-backup.copy-post=/bin/sh -c 'chown 1000:1000 /backups/* && chmod 640 /backups/*'

My soul has been saved :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Support Requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fine grained labels offen/docker-volume-backup
2 participants
@m90 @Fratt