Compare commits

...

2 Commits

Author SHA1 Message Date
librelad
3d7fc0a3f6 Merge claude/2 2026-05-23 18:23:03 +01:00
librelad
3a1cd8464e fix(backup): make captured file staging readable by the backup user
The container capture preserved the app's ownership (e.g. www-data 0640), so
restic still hit permission denied on the staging copy. chown the staging tree
to the backup user after capture (modes unchanged, so the owner reads fine);
real ownership is reapplied from the descriptor on restore.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-23 18:23:03 +01:00

View File

@ -78,6 +78,13 @@ backupFilesCapture()
mkdir -p "$stage"
# Read in the container's namespace, write the plain tree to staging.
if docker exec "$container" tar -C "$cpath" -cf - . 2>/dev/null | tar -xf - -C "$stage" 2>/dev/null; then
# The capture preserves the app's ownership (e.g. www-data, 0640),
# which the backup user still couldn't read. Hand the staging tree to
# the backup user so restic can read it; modes are unchanged, so the
# owner can now read everything. Real ownership is reapplied from the
# descriptor on restore.
chown -R "$docker_install_user":"$docker_install_user" "$stage" 2>/dev/null \
|| sudo chown -R "$docker_install_user":"$docker_install_user" "$stage" 2>/dev/null
isSuccessful "captured $subdir ($(du -sh "$stage" 2>/dev/null | cut -f1))"
else
isError "capture of $subdir from $container failed"