Can I switch between root and non-root user when creating archives?

[rikrdo89]

I have a repo that I created using my local user account (non-root) and I have been creating archives automatically without issues by using my user crontab. Recently, I modified my shell script to be able to mount and unmount my external HDD during a borg backup, and unfortunately, that requires root privileges. I was about to run my script as root, but I remembered reading something about permission issues when mixing root and non-root accounts, thus I wanted to ask if creating an archive as a root user in this case would lead to issues? or what would happen if I went ahead with it?

[ThomasWaldmann]

The process that accesses the repository files (which is borg serve if you run client/server or borg create if you do not use a ssh:// repo) creates files inside the repository directory. And these files will be owned by the user/group of that process.

If you later access these files and you use the same user, there won't be a problem as you will have permissions. But if you use a different user, you usually won't have permissions (the only exception being root as root is always permitted to access everything).

So the advice is to always use the same user to access a repo. For a client/server setup this usually is no problem as long as you use the same ssh://borg@reposerver/... url. For a local repo you either must remember to always access using the same user or you can do a small trick by setting it up as if it was remote, by using ssh://borg@localhost/... as repo URL - then (as long as you use that URL) it will always access the repo files as user borg, no matter which user you use to run the borg client.

[rikrdo89]

thanks @ThomasWaldmann for this explanation. It looks like I should stick to the same user if I want to avoid permission problems down the line. Then, I should find another way to mount/unmount my HDD before/after my borg backup is run (please let me know if you have any suggestions).

Also a related question, if I had a second user creating archives to the same repository, and this user has the same read/write permissions (part of the same group with read/write perms) as my local user, would there be any issues creating archives? Would the files coming from these two users be deduplicated as long as either user has read/write privileges to the same borg repo?

[ThomasWaldmann]

mount: you could just do the mounting / umounting as root (sudo!?) and run borg as user.

whether different users can r/w their files depends on the umask being set (which determines the mode of newly created files). The files need to have rw-rw---- mode, thus the umask should be 0007 for that purpose.

yes, everything written to same borg repository will automatically get deduplicated.

[rikrdo89]

thanks @ThomasWaldmann, agreed the mounting has to be done as root and running borg as user, but I was looking for a way to do both in one script so I can run it as sudo crontab. (i.e. mount a drive as sudo, run borg as user, unmount drive as sudo).

[paddylandau]

… the mounting has to be done as root

Have you considered using udisksctl? On my distro (Ubuntu), it doesn't need root.