restic / rest-server

Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License

--private-repos flag is being ignored in docker image #206

Closed Schroedingers-Cat closed 1 year ago

Schroedingers-Cat commented 1 year ago

Output of rest-server --version

docker images restic/rest-server:latest -q
4860e044dfed

How did you run rest-server exactly?

The docker-compose.yaml is:

version: '3.3'
services:
    rest-server:
        ports:
            - '450:8000'
        volumes:
            - '/home/restic/data:/data'
        container_name: rest_server
        image: restic/rest-server
        user: 1003:1003
        restart: always
        environment:
          - OPTIONS="--private-repos--append-only"

The files in /home/restic/data are owned by UID 1003 including the .htpasswd. The container is being started with docker-compose up. A user with a password has been created via the suggested way. That user (on a client machine) then proceeds to create a repo called test with the url rest:http://user:pass@servername:450/test.

What backend/server/service did you use to store the repository?

Ubuntu Server 18.04.05 and Docker version 20.10.12.

Expected behavior

I'd expect the output to look like this:

rest_server    | Data directory: /data
rest_server    | Authentication enabled
rest_server    | Private repositories enabled
rest_server    | start server on :8000
rest_server    | Denied access to directories for user `username` in /data/test

The Private repositories should read enabled.

Also note the last line when the server receives a call from the client to create a new repo test. I'd expect the server to deny access to the user user since the access request didn't include the user's directory as explained in https://github.com/restic/rest-server#usage.

Actual behavior

What actually happens is this:

Attaching to rest_server
rest_server    | Data directory: /data
rest_server    | Authentication enabled
rest_server    | Private repositories disabled
rest_server    | start server on :8000
rest_server    | Creating repository directories in /data/test

The server seems to ignore the private repos flag and allows the user user to create a repo outside of the user directory.

Steps to reproduce the behavior

Just use the docker-file from above as repro-case. You might want to create a user with the UID 1003 or change that UID to an existing user on your system. Same for the data/.htpasswd file and its ownership.

Do you have any idea what may have caused this?

Possibly the use of the OPTIONS-variable could be wrong since the expected formatting isn't documented. I had to dig through this repo's issues to guesstimate how it should be used, so that's likely a source for misunderstandings and outdated info.

It could also be just a bug. I think this is most likely the case since the server usually logs when it didn't recognize a flag which means it did recognize the --private-repos flag but failed to apply it.

Do you have an idea how to solve the issue?

Including a usage example for the OPTIONS variable in the README.md might help.

Did rest-server help you today? Did it make you happy in any way?

Absolutely! The server's append-only mode seems to be a great way for protecting previous backups from bad things happening on a client machine.

rawtaz commented 1 year ago

I have not read all you wrote, but the value for OPTIONS in your compose file has one argument, not two. You should put a space between the --private-repos and --append-only parts in the current --private-repos--append-only you have there.

Schroedingers-Cat commented 1 year ago

I already tried that. I should have included that in my bug report but didn't want to increase the noise since I found an issue here that suggested to not use a whitespace as separator for the flags.

Anyway, here's what happens with the environment section reading - OPTIONS="--private-repos --append-only":

Attaching to rest_server
rest_server    | 2023/01/06 23:37:25 error: unknown flag: --append-only"
rest_server exited with code 1

When changing the environment section to - OPTIONS="--append-only --private-repos", the output is basically vice versa:

Attaching to rest_server
rest_server    | 2023/01/06 23:39:06 error: unknown flag: --private-repos"
rest_server exited with code 1

rawtaz commented 1 year ago

Lemme try this and get back to you unless someone else beats me to it :)

rawtaz commented 1 year ago

It's just a syntax error in your compose file. The quotes around the arguments for OPTIONS are included in the value (Compose doesn't use quotes to delimit the value), so you need to remove them. Personally I always use the VAR: VALUE syntax instead of the VAR=VALUE one for reasons explained on the Internet, but whichever floats your boat. Regardless, just remove the quotes for starters so the value is just --append-only --private-repos instead of "--append-only --private-repos".
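
Added example (not part of the thread, and not the project's own entrypoint code): a shell sketch of why literal quotes in OPTIONS break the flags, plus a check that the startup log confirms private repositories. It assumes the image hands $OPTIONS to rest-server through unquoted shell expansion; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the image's entrypoint passes $OPTIONS to
# rest-server unquoted, so the shell word-splits the raw value.

# Print, one per line, the arguments produced by unquoted expansion of $1.
split_options() {
    (
        set -f          # no globbing, only word-splitting
        set -- $1       # deliberately unquoted: this is the behaviour under test
        for arg in "$@"; do printf '%s\n' "$arg"; done
    )
}

# Succeed if the value carries literal quote characters, as the list-style
# `- OPTIONS="..."` entry in the compose file does.
has_literal_quotes() {
    case $1 in
        *\"*|*\'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if the startup log on stdin confirms the access control is on.
private_repos_enabled() {
    grep -q 'Private repositories enabled'
}

# Startup log from the issue, where the flag silently did not apply.
ISSUE_LOG='rest_server    | Data directory: /data
rest_server    | Authentication enabled
rest_server    | Private repositories disabled
rest_server    | start server on :8000'

for value in '"--private-repos--append-only"' \
             '"--private-repos --append-only"' \
             '--private-repos --append-only'; do
    printf 'OPTIONS value: %s\n' "$value"
    split_options "$value" | sed 's/^/  arg: /'
    if has_literal_quotes "$value"; then
        echo '  -> literal quotes reach rest-server; fix the compose entry'
    fi
done

if ! printf '%s\n' "$ISSUE_LOG" | private_repos_enabled; then
    echo 'startup log does not confirm private repos: treat as misconfigured'
fi
```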

Schroedingers-Cat commented 1 year ago

Thanks a lot, removing the " from the OPTIONS-line fixed the issue and the flags are becoming effective.