From 18e692ffbb7a1dd6e51e8fdc181f687a991d0d22 Mon Sep 17 00:00:00 2001 From: librelad Date: Tue, 26 May 2026 21:56:43 +0100 Subject: [PATCH] fix(backup): reset HOME when dropping to the backup user in runBackupOp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit runBackupOp dropped privileges to $docker_install_user with `sudo -E`, which preserves the CALLER's environment — including HOME. The caller is the manager (libreportal), so restic-running-as-dockerinstall ended up with HOME=/home/libreportal and tried to mkdir `/home/libreportal/.cache/restic` for its cache. dockerinstall can't write into libreportal's home, so every backup ran with: unable to open cache: mkdir /home/libreportal/.cache/restic: permission denied twice (once in backup, once in the verify-via-scratch-restore step), with restic falling back to a no-cache run that's a few × slower than it should be. Add `-H` (sudo's "reset HOME to target user's home"). Now restic sees HOME=/home/dockerinstall, creates ~/.cache/restic there (dockerinstall owns its own home, no help needed), and the warning is gone. Confirmed live: a `backup app create linkding` round-trip is silent on cache, and the dir lands at /home/dockerinstall/.cache/restic, mode 0700, correctly owned. All restic/borg/kopia calls funnel through runBackupOp, so this single character fix covers every backup-tool invocation. Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- scripts/docker/command/run_privileged.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/docker/command/run_privileged.sh b/scripts/docker/command/run_privileged.sh index 9f364b2..53d7a80 100644 --- a/scripts/docker/command/run_privileged.sh +++ b/scripts/docker/command/run_privileged.sh 
@@ -82,8 +82,13 @@ runInstallWrite() { # password and BORG_/RESTIC_/KOPIA_ env vars reach the tool. Never root — the # scoped sudoers lets the manager drop to this user. Single funnel so the # backup subsystem's privilege drop has one audit point. +# -H resets HOME to the target user's so restic finds (or creates) its cache +# under /home/$docker_install_user/.cache/restic instead of inheriting the +# manager's HOME (which dockerinstall can't write into, surfacing as +# "unable to open cache: mkdir /home/libreportal/.cache/restic: permission denied" +# on every backup). runBackupOp() { - sudo -E -u "$docker_install_user" "$@" + sudo -E -H -u "$docker_install_user" "$@" } # Run one of the ROOT-OWNED LibrePortal helpers installed (root:root 0755) under
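Review bot: the changed line in runBackupOp, `sudo -E -H -u "$docker_install_user" "$@"`, still carries `-E`, so every manager variable other than HOME is still handed to the backup tool. That leaves the same failure mode open through other variables: restic picks its cache location from RESTIC_CACHE_DIR or XDG_CACHE_HOME before falling back to HOME, so if the manager's environment sets either to a path under its own home, the permission-denied warning comes back despite `-H`. The comment above the function says only the password and the BORG_/RESTIC_/KOPIA_ variables need to reach the tool, so consider replacing `-E` with an explicit `--preserve-env=` list of those names. That would make this single audit point bound the environment as well as the user. If `-E` has to stay, the comment should say that only HOME is reset and the rest of the caller's environment is inherited. A smaller point on the added comment: it names `/home/$docker_install_user/.cache/restic`, but `-H` takes the home directory from the target user's passwd entry, so "the target user's home directory" would stay accurate if that home ever lives elsewhere.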