I'm using the Duplicati AUR package to perform my backup tasks, but I believe my question is more general as it basically boils down to user rights.
The Duplicati package provides a unit file that starts the service that handles the backup engine, and that process runs under the
In the set of folders that I want to backup, I have added my home folder (
/home/obones) the common user files (
/files) and the entire
/etc tree as I'd rather not loose the configuration of various system elements.
While this works fine for most elements, the service complains that it cannot access my home folder and a few items inside
Looking at the access rights for my home folder, it makes perfect sense because it is set to
drwx------ which clearly means that the
duplicati user cannot read anything in here.
I could edit the service file to have the process run under the
root account, but I'm not too happy giving the keys of the castle to a service.
Further to this, I appreciate having the ability to identify which files were created/modified by the engine during its work by simply looking at files created/owned by the
Would there be a way to give the
duplicati user super powers while keeping from being able to modify anything but its own files?
I have read about capability bounding sets on the fail2ban wiki page here: https://wiki.archlinux.org/index.php/Fail2ban#Service_hardening
But I'm not sure I could use those options to do the opposite of what's described in the page, that is give more powers to a given user/process.
Thanks a lot for any suggestion.