Investigate issues related to permissions for backup system
In the process of designing a backup system for the persistent volume we should take into account that not all files are owned by the "amnesia" user. This might lead to a security vs UX trade-off:
- Do we want the backup tool to run as "root" or as "amnesia"?
- Does this have impact on the UX?
- Does this prevent us from using certain tools that have a good integration in the desktop?
- Is it reasonable not to back up files owned by "root"? For example, losing the data of the APT features might be considered ok but maybe not others. Is it ok to lose the NM data? Current folders owned by root in persistence:
- Is it reasonable to grant at least read permissions to "amnesia" on some files owned by "root"? How would restoring these files work then?
#8 Updated by sajolida about 3 years ago
- Status changed from Confirmed to Resolved
- Assignee deleted (
From the recent discussion we had about this, it seems like backing up only files owned by amnesia would work for an extremely simple setup (backing up ~/Persistent only) but would quickly be too limiting (for example thinking about keys of onion services from Tails Server).
We also thought that a good UX could be to ask for an administrative password only when hitting files that cannot be copied by the amnesia user.
deja-dup doesn't know how to do this but elouann said that grsync is doing something like this already.
Marking this research as resolved now.
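The two-pass approach sketched in this thread (copy everything the unprivileged user can read, and only escalate for the leftovers) can be illustrated with a small shell script. This is an added example, not code from Tails, deja-dup or grsync: it assumes a POSIX shell, `find`/`cp`, and, for the privileged pass, `rsync` plus a privilege-escalation command such as `pkexec` (the escalation command is a parameter so it can be swapped out). The self-test below uses a `chmod 000` file as a constructed stand-in for a root-owned file, since a test run as an ordinary user cannot create one.

```shell
#!/bin/sh
# Unprivileged pass: walk SRC as the current user (e.g. "amnesia"), copy every
# regular file that is readable, and record the relative path of every file
# that is not. Nothing here needs root, so no password prompt is triggered.
# Usage: backup_split SRC DST DEFERRED_LIST
backup_split() {
  src="$1"; dst="$2"; deferred="$3"
  : > "$deferred"                       # start with an empty deferred list
  # One path per line; paths containing newlines are out of scope here.
  find "$src" -type f -print | while read -r f; do
    rel="${f#"$src"/}"                  # path relative to SRC
    if [ -r "$f" ]; then
      mkdir -p "$dst/$(dirname "$rel")"
      cp -p "$f" "$dst/$rel"            # -p keeps mode and timestamps
    else
      printf '%s\n' "$rel" >> "$deferred"
    fi
  done
}

# Privileged pass: only runs when the deferred list is non-empty, which is
# the "ask for an administrative password only when needed" UX from the
# thread. rsync -a preserves ownership, so a later restore can put the
# root-owned files back with their original owner. ESCALATE defaults to
# pkexec (assumption: PolicyKit is available on the desktop).
# Usage: backup_privileged_pass SRC DST DEFERRED_LIST [ESCALATE]
backup_privileged_pass() {
  src="$1"; dst="$2"; deferred="$3"; escalate="${4:-pkexec}"
  [ -s "$deferred" ] || return 0        # nothing deferred: never prompt
  "$escalate" rsync -a --files-from="$deferred" "$src/" "$dst/"
}

# Convenience entry point: both passes in order.
backup_persistence() {
  list="${TMPDIR:-/tmp}/backup-deferred.$$"
  backup_split "$1" "$2" "$list" || return 1
  backup_privileged_pass "$1" "$2" "$list" "${3:-pkexec}"
  rc=$?
  rm -f "$list"
  return $rc
}
```

Running `backup_persistence /live/persistence/TailsData_unlocked /media/amnesia/backup` as the amnesia user copies ~/Persistent and the other user-readable directories without any prompt, and asks for administrative rights exactly once, for the root-owned paths only, if any were skipped. Restoring is the mirror image: the same split, with the privileged pass needed only for the files that rsync recorded as root-owned.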