Archive files permissions, extra logging

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Archive files permissions, extra logging

duplicity-talk mailing list
Is there a way to change the permissions for the archive files created by
duplicity? It looks to me like this is hardcoded into the duplicity as
there is

def do_backup(action)
   ...
   os.umask(0o77)
   ...

so it always creates the files with 600 (only user read/write),


Extra logging in the

def list_current(col_stats):
        ...
             user_info = u"%s %s %s" % (dup_time.timetopretty(path.getmtime()),
                                     path.type,
                                     util.ufn(path.get_relative_path()))
             log_info = "%s %s %s" % (dup_time.timetostring(path.getmtime()),
                                     util.escape(path.get_relative_path()),
                                      path.type)
             log.Log(user_info, log.INFO, log.InfoCode.file_list,
                     log_info, True)


but I did not found how to achieve the log_info to be printed. I can not
make sens out of log.Log function "extra" argument...

Thanks for hints.

Adam Pribyl

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Archive files permissions, extra logging

duplicity-talk mailing list
On 11/10/2020 9:14, Adam Pribyl via Duplicity-talk wrote:
> Is there a way to change the permissions for the archive files created by duplicity? It looks to me like this is hardcoded into the duplicity as there is
>
> def do_backup(action)
>   ...
>   os.umask(0o77)
>   ...
>
> so it always creates the files with 600 (only user read/write),

sounds reasonable as we do not want temporary/cache files created which potentially contain private data that are readable to anybody else. why would anybody else then the duplicity user who created them need access to these files?

>
> Extra logging in the
>
> def list_current(col_stats):
>        ...
>             user_info = u"%s %s %s" % (dup_time.timetopretty(path.getmtime()),
>                                     path.type,
>                                     util.ufn(path.get_relative_path()))
>             log_info = "%s %s %s" % (dup_time.timetostring(path.getmtime()),
>                                     util.escape(path.get_relative_path()),
>                                      path.type)
>             log.Log(user_info, log.INFO, log.InfoCode.file_list,
>                     log_info, True)
>
>
> but I did not found how to achieve the log_info to be printed. I can not make sens out of log.Log function "extra" argument...
>

did you try raising verbosity to 'info' as described on http://duplicity.nongnu.org/vers8/duplicity.1.html ?

"
--verbosity level, -vlevel
Specify output verbosity level (log level). Named levels and corresponding values are 0 Error, 2 Warning, 4 Notice (default), 8 Info, 9 Debug (noisiest).
level may also be
a character: e, w, n, i, d
a word: error, warning, notice, info, debug
The options -v4, -vn and -vnotice are functionally equivalent, as are the mixed/upper-case versions -vN, -vNotice and -vNOTICE.
"

..ede/duply.net
_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Archive files permissions, extra logging

duplicity-talk mailing list
On Tue, 10 Nov 2020, edgar.soldin--- via Duplicity-talk wrote:

> On 11/10/2020 9:14, Adam Pribyl via Duplicity-talk wrote:
>> Is there a way to change the permissions for the archive files created by duplicity? It looks to me like this is hardcoded into the duplicity as there is
>>
>> def do_backup(action)
>>   ...
>>   os.umask(0o77)
>>   ...
>>
>> so it always creates the files with 600 (only user read/write),
>
> sounds reasonable as we do not want temporary/cache files created which
> potentially contain private data that are readable to anybody else. why
> would anybody else then the duplicity user who created them need access
> to these files?
Maybe I did not used the proper naming for "archive files" - for duplicity
cache it is probably ok, but for backup files..  I'd like to e.g. have a
group of users able to extract the files from backups, but I have to
post-process the archives to add them group readability at least.

>>
>> Extra logging in the
>>
>> def list_current(col_stats):
>>        ...
>>             user_info = u"%s %s %s" % (dup_time.timetopretty(path.getmtime()),
>>                                     path.type,
>>                                     util.ufn(path.get_relative_path()))
>>             log_info = "%s %s %s" % (dup_time.timetostring(path.getmtime()),
>>                                     util.escape(path.get_relative_path()),
>>                                      path.type)
>>             log.Log(user_info, log.INFO, log.InfoCode.file_list,
>>                     log_info, True)
>>
>>
>> but I did not found how to achieve the log_info to be printed. I can not make sens out of log.Log function "extra" argument...
>>
>
> did you try raising verbosity to 'info' as described on http://duplicity.nongnu.org/vers8/duplicity.1.html ?
Yes, I did play with verbosity. Maybe I expect something different to
happen, but the line with the file listed via the list-current-files
remains the same. I thought it would add this extra info to eache line.

> ..ede/duply.net

Thanks anyway

Adam Pribyl
_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Archive files permissions, extra logging

duplicity-talk mailing list
On 11/10/2020 11:53, Adam Pribyl via Duplicity-talk wrote:

> On Tue, 10 Nov 2020, edgar.soldin--- via Duplicity-talk wrote:
>
>> On 11/10/2020 9:14, Adam Pribyl via Duplicity-talk wrote:
>>> Is there a way to change the permissions for the archive files created by duplicity? It looks to me like this is hardcoded into the duplicity as there is
>>>
>>> def do_backup(action)
>>>   ...
>>>   os.umask(0o77)
>>>   ...
>>>
>>> so it always creates the files with 600 (only user read/write),
>>
>> sounds reasonable as we do not want temporary/cache files created which potentially contain private data that are readable to anybody else. why would anybody else then the duplicity user who created them need access to these files?
>
> Maybe I did not used the proper naming for "archive files" - for duplicity cache it is probably ok, but for backup files..  I'd like to e.g. have a group of users able to extract the files from backups, but I have to post-process the archives to add them group readability at least.

i see. creating backup files with a user selectable umask would be a sensible feature request. maybe you want to request or even contribute it?
https://gitlab.com/duplicity/duplicity

making the mask only apply to the backup volumes generated would be a little bit more elaborate than just setting the umask for the whole process though.

>>>
>>> Extra logging in the
>>>
>>> def list_current(col_stats):
>>>        ...
>>>             user_info = u"%s %s %s" % (dup_time.timetopretty(path.getmtime()),
>>>                                     path.type,
>>>                                     util.ufn(path.get_relative_path()))
>>>             log_info = "%s %s %s" % (dup_time.timetostring(path.getmtime()),
>>>                                     util.escape(path.get_relative_path()),
>>>                                      path.type)
>>>             log.Log(user_info, log.INFO, log.InfoCode.file_list,
>>>                     log_info, True)
>>>
>>>
>>> but I did not found how to achieve the log_info to be printed. I can not make sens out of log.Log function "extra" argument...
>>>
>>
>> did you try raising verbosity to 'info' as described on http://duplicity.nongnu.org/vers8/duplicity.1.html ?
>
> Yes, I did play with verbosity. Maybe I expect something different to happen, but the line with the file listed via the list-current-files remains the same. I thought it would add this extra info to eache line.
>
>> ..ede/duply.net
>
> Thanks anyway
>

you are right, it's not even shown with -v9. looks like a bug. ..ede/duply.net

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Archive files permissions, extra logging

duplicity-talk mailing list
Hi,

The umask call has been removed in commit 480dc695, which will be out soon in 0.8.17 for a different issue.  Duplicity will use the user's umask.

How about a shell process after backup to fixup the backups you share?

...Ken


On Tue, Nov 10, 2020 at 7:04 AM edgar.soldin--- via Duplicity-talk <[hidden email]> wrote:
On 11/10/2020 11:53, Adam Pribyl via Duplicity-talk wrote:
> On Tue, 10 Nov 2020, edgar.soldin--- via Duplicity-talk wrote:
>
>> On 11/10/2020 9:14, Adam Pribyl via Duplicity-talk wrote:
>>> Is there a way to change the permissions for the archive files created by duplicity? It looks to me like this is hardcoded into the duplicity as there is
>>>
>>> def do_backup(action)
>>>   ...
>>>   os.umask(0o77)
>>>   ...
>>>
>>> so it always creates the files with 600 (only user read/write),
>>
>> sounds reasonable as we do not want temporary/cache files created which potentially contain private data that are readable to anybody else. why would anybody else then the duplicity user who created them need access to these files?
>
> Maybe I did not used the proper naming for "archive files" - for duplicity cache it is probably ok, but for backup files..  I'd like to e.g. have a group of users able to extract the files from backups, but I have to post-process the archives to add them group readability at least.

i see. creating backup files with a user selectable umask would be a sensible feature request. maybe you want to request or even contribute it?
https://gitlab.com/duplicity/duplicity

making the mask only apply to the backup volumes generated would be a little bit more elaborate than just setting the umask for the whole process though.

>>>
>>> Extra logging in the
>>>
>>> def list_current(col_stats):
>>>        ...
>>>             user_info = u"%s %s %s" % (dup_time.timetopretty(path.getmtime()),
>>>                                     path.type,
>>>                                     util.ufn(path.get_relative_path()))
>>>             log_info = "%s %s %s" % (dup_time.timetostring(path.getmtime()),
>>>                                     util.escape(path.get_relative_path()),
>>>                                      path.type)
>>>             log.Log(user_info, log.INFO, log.InfoCode.file_list,
>>>                     log_info, True)
>>>
>>>
>>> but I did not found how to achieve the log_info to be printed. I can not make sens out of log.Log function "extra" argument...
>>>
>>
>> did you try raising verbosity to 'info' as described on http://duplicity.nongnu.org/vers8/duplicity.1.html ?
>
> Yes, I did play with verbosity. Maybe I expect something different to happen, but the line with the file listed via the list-current-files remains the same. I thought it would add this extra info to eache line.
>
>> ..ede/duply.net
>
> Thanks anyway
>

you are right, it's not even shown with -v9. looks like a bug. ..ede/duply.net

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Archive files permissions, extra logging

duplicity-talk mailing list
On Tue, 10 Nov 2020, Kenneth Loafman via Duplicity-talk wrote:

> Hi,
>
> The umask call has been removed in commit 480dc695, which will be out soon
> in 0.8.17 for a different issue.  Duplicity will use the user's umask.

Using users/system umask is the best approach.

> How about a shell process after backup to fixup the backups you share?

Thats what I am doing now.

> ...Ken
>
>
> On Tue, Nov 10, 2020 at 7:04 AM edgar.soldin--- via Duplicity-talk <
> [hidden email]> wrote:
>
>> On 11/10/2020 11:53, Adam Pribyl via Duplicity-talk wrote:
>>> On Tue, 10 Nov 2020, edgar.soldin--- via Duplicity-talk wrote:
>>>
>>>> On 11/10/2020 9:14, Adam Pribyl via Duplicity-talk wrote:
>>>>> Is there a way to change the permissions for the archive files created
>> by duplicity? It looks to me like this is hardcoded into the duplicity as
>> there is
>>>>>
>>>>> def do_backup(action)
>>>>>   ...
>>>>>   os.umask(0o77)
>>>>>   ...
>>>>>
>>>>> so it always creates the files with 600 (only user read/write),
>>>>
>>>> sounds reasonable as we do not want temporary/cache files created which
>> potentially contain private data that are readable to anybody else. why
>> would anybody else then the duplicity user who created them need access to
>> these files?
>>>
>>> Maybe I did not used the proper naming for "archive files" - for
>> duplicity cache it is probably ok, but for backup files..  I'd like to e.g.
>> have a group of users able to extract the files from backups, but I have to
>> post-process the archives to add them group readability at least.
>>
>> i see. creating backup files with a user selectable umask would be a
>> sensible feature request. maybe you want to request or even contribute it?
>> https://gitlab.com/duplicity/duplicity
>>
>> making the mask only apply to the backup volumes generated would be a
>> little bit more elaborate than just setting the umask for the whole process
>> though.
>>
>>>>>
>>>>> Extra logging in the
>>>>>
>>>>> def list_current(col_stats):
>>>>>        ...
>>>>>             user_info = u"%s %s %s" %
>> (dup_time.timetopretty(path.getmtime()),
>>>>>                                     path.type,
>>>>>                                     util.ufn(path.get_relative_path()))
>>>>>             log_info = "%s %s %s" %
>> (dup_time.timetostring(path.getmtime()),
>>>>>
>> util.escape(path.get_relative_path()),
>>>>>                                      path.type)
>>>>>             log.Log(user_info, log.INFO, log.InfoCode.file_list,
>>>>>                     log_info, True)
>>>>>
>>>>>
>>>>> but I did not found how to achieve the log_info to be printed. I can
>> not make sens out of log.Log function "extra" argument...
>>>>>
>>>>
>>>> did you try raising verbosity to 'info' as described on
>> http://duplicity.nongnu.org/vers8/duplicity.1.html ?
>>>
>>> Yes, I did play with verbosity. Maybe I expect something different to
>> happen, but the line with the file listed via the list-current-files
>> remains the same. I thought it would add this extra info to eache line.
>>>
>>>> ..ede/duply.net
>>>
>>> Thanks anyway
>>>
>>
>> you are right, it's not even shown with -v9. looks like a bug. ..ede/
>> duply.net
>>
>> _______________________________________________
>> Duplicity-talk mailing list
>> [hidden email]
>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>
>



_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk