Hi all, I have a question regarding Duplicati. It’s the software I use for my data backups.
Up until now I was having it run as root, but knowing that this might not be ideal, I tried to change it today. Since they don’t provide an official package for us, I am using this AUR package, version 2.0.6.100_canary_2021-08-11 (the latest one atm).
By default, the service in this package runs as duplicati user, but the thing is that this user does not have access to my personal user’s (chuhtra) home folder, which is an issue for my use case.
I have tried running the service as root, as duplicati and as chuhtra. I have also tried adding duplicati user to the chuhtra group and vice versa, while also giving rwx permissions to both groups for the chuhtra home folder. In every try, some aspect (mainly about restoring data) wouldn’t work, except from when using root. The issues faced so far (i think) are about this, this and just not having access to local files in the first place.
Up until now, I have moved forward by reading this post and this comment.
I have the following questions for anyone with some insight:
- Is it OK to run Duplicati as
root, even though it’s an AUR package that is expected not to, just because it’s a systemd service?
- Is there some other way of using the default
duplicati user, that is safer?
- How can I check if Duplicati runs as
root for other distros (officially supported)?
- Have you used Duplicati yourselves? If yes, what’s been your experience?
Thank you.
No. You already knew the answer. There’s a system and user service.
Thanks for your quick reply. Yeah, I asked cause I kinda knew 
I wasn’t aware of the user service, thank you. Having said that, I wasn’t able to solve my issue even with this.
The user service was so far unloaded. I deactivated the system service and activated the user one. I then checked and the system service couldn’t also be activated (it was failing, probably because it has the same name?). So Duplicati opened up seemingly functional running as chuhtra user, but I still was met with this, as before.
Did I do anything wrong?
Just an update,
Searching around, I saw that a very relevant conversation has already taken place 4 years ago, in the comment section of the AUR package I use. I’ll add links here for anyone interested:
All in all, the maintainers had said that if somebody wants to run duplicati as root, he can, but a more secure default is to create a specified backup group and add both personal and duplicati users in it.
Thus, if I want to use it with non-root privileges, I have to check why my initial tries were unsuccessful as they were on the right path. When I find a solution, I will post it here and close the thread. In the meantime, any input is welcome.
Having retried the users/groups permissions approach: Setups where Import backup configuration task definitely doesn’t work:
- Simply running the duplicati.user service
- Simply running the systemd service as duplicati user
- Simply running the systemd service as chuhtra user
- Adding chuhtra user to duplicati group and running duplicati.user service
- Using either service after adding duplicati user to chuhtra group, and
chmod g+rw to home holder.
Between these tries I used sudo systemctl daemon-reload and systemctl restart duplicati just to be sure. I can’t allocate any more time into this. I hope it’s a duplicati bug (aka destined to be fixed), so I can move away from running it unsafely in the future.