search

ttionya / vaultwarden-backup

Backup vaultwarden (formerly known as bitwarden_rs) SQLite3/PostgreSQL/MySQL/MariaDB database by rclone. (Docker)
MIT License
956 stars 113 forks source link

Configuration permission issues - unable to access rclone config file #122

Open n-hass opened 11 months ago

n-hass commented 11 months ago

Hello

I am encountering some strange issues with permissions. Whether I use my userns keep-id or as root 0:0, I can create and view a config with podman run but cannot run the backup script.

IE, this reveals my valid config:

podman run --user 0:0 -v /etc/localtime:/etc/localtime:ro -v /home/servhost/vw-server/vw-data:/bitwarden/data -v /home/servhost/vw-server/backups/backup-service-config:/config/ -v /tank/vaultwarden-backups:/tank-backup-repo --env-file /home/servhost/vw-server/.env.backup-service -it docker.io/ttionya/vaultwarden-backup:latest rclone config

and then the same command dropping the -it and rclone config, fails with config not found:

podman run --user 0:0 -v /etc/localtime:/etc/localtime:ro -v /home/servhost/vw-server/vw-data:/bitwarden/data -v /home/servhost/vw-server/backups/backup-service-config:/config/ -v /tank/vaultwarden-backups:/tank-backup-repo --env-file /home/servhost/vw-server/.env.backup-service docker.io/ttionya/vaultwarden-backup:latest

If I also do -it —entrypoint sh, i can go to the config dir and access the rclone.conf file.

Why might the backup script be the only thing not able to access the rclone config?

n-hass commented 11 months ago

For some reason not using an environment file and using direct env values in the podman run command fixes this and it runs like normal… confusing :/

Worth noting there must be something fragile about the way env files are handled.

ttionya commented 11 months ago

I attempted to reproduce the issue but wasn't successful. Could you provide the environment variables starting with RCLONE_ from the env file? Additionally, it would be helpful if you could provide the error log.

Furthermore, if your error message is rclone configuration information not found, it's related only to RCLONE_REMOTE_NAME. You can enter the container to confirm the value of the RCLONE_REMOTE_NAME environment variable. By default, it's BitwardenBackup. You can also use the command rclone config show "${RCLONE_REMOTE_NAME:-"BitwardenBackup"}" to ensure that the rclone configuration is correctly retrieved.

Fiestaman commented 11 months ago

I also had the same issue as @n-hass. However, instead of using direct env values like he did, I directly mounted the .env file to /.env and removed the --env-file flag. Then, everything loaded as it should. Something isn't getting read correctly when using the --env-file flag.

ttionya commented 11 months ago

I compared the differences between using --env-file and mounting the .env file to /.env.

When the environment variable values in the .env file include quotes (' and ", example A='xxx'), using --env-file results in the program getting the value as 'xxx', whereas when mounted to /.env, the program retrieves the value as xxx. (This is the conclusion I've reached on my Windows computer. I need to further validate if it's the same on Linux. I obtained the same result on both Windows and Linux.)

I would like to get more information, especially the output of environment variables, to help troubleshoot the issue.

Fiestaman commented 10 months ago

I compared the differences between using --env-file and mounting the .env file to /.env.

When the environment variable values in the .env file include quotes (' and ", example A='xxx'), using --env-file results in the program getting the value as 'xxx', whereas when mounted to /.env, the program retrieves the value as xxx. (~This is the conclusion I've reached on my Windows computer. I need to further validate if it's the same on Linux.~ I obtained the same result on both Windows and Linux.)

After you mentioned this, I did go back and try loading the .env as --env-file and can replicate your findings. I had some single quote entries that were read in with the quotes.

I would like to get more information, especially the output of environment variables, to help troubleshoot the issue.

What information are you seeking and how can I help provide it to help you with further troubleshooting?

ttionya commented 10 months ago

@Fiestaman ,

I need to confirm if the problem is caused by the improper removal of quotation marks around the environment variable values when using --env-file.

If possible, please provide the log information related to environment variables. They should be separated by yellow ============= and look like key-value pairs, for example: RCLONE_REMOTE: BitwardenBackup:/BitwardenBackup.

Unfortunately, even if we have confirmed that the issue is caused by quotation marks, there are limited actions this tool can take. I believe the best course of action would be to include a reminder in the README, advising users not to use the --env-file method for importing environment variables when quotation marks are present in the environment variable values.

While it might be tempting to simply remove leading and trailing quotation marks from the values of environment variables, what should the tool do if a user's environment variable is ENV='"ABC"'? Handling such cases could introduce complexity and potential errors. Therefore, avoiding the use of --env-file when quotation marks are involved appears to be the safest option.