Bug #10145
Investigate issues related to permissions for backup system
Description
In the process of designing a backup system for the persistent volume we should take into account that not all files are owned by the “amnesia” user. This might lead to security vs UX trade-offs:
- Do we want the backup tool to run as “root” or as “amnesia”?
- Does this have impact on the UX?
- Does this prevent us from using certain tools that have a good integration in the desktop?
- Is it reasonable not to back up files owned by “root”? For example, losing the data of the APT features might be considered OK but maybe not others. Is it OK to lose the NM data? Current folders owned by root in persistence:
  - apt
  - cups-configuration
  - nm-system-connections
- Is it reasonable to grant at least read permissions to “amnesia” on some files owned by “root”? How would restoring these files work then?
Subtasks
Related issues
- Related to Tails - Bug #9888: Test deja-dup to do backups (Resolved, 2015-08-03)
- Blocks Tails - Feature #9889: Decide a backup solution among possible candidates (Rejected, 2015-08-03)
History
#1 Updated by sajolida 2015-09-01 07:47:23
- related to
Bug #9888: Test deja-dup to do backups added
#2 Updated by sajolida 2015-09-01 07:49:04
- Description updated
#3 Updated by sajolida 2015-09-21 03:19:54
- Target version set to 2016
#4 Updated by sajolida 2015-12-01 06:48:28
- Description updated
#5 Updated by sajolida 2016-07-01 11:28:58
- blocks
Feature #9889: Decide a backup solution among possible candidates added
#6 Updated by intrigeri 2016-08-27 09:56:57
- Target version changed from 2016 to 2017
#7 Updated by intrigeri 2016-08-27 10:11:58
- Target version deleted (2017)
#8 Updated by sajolida 2016-08-30 04:48:41
- Status changed from Confirmed to Resolved
- Assignee deleted (sajolida)
From the recent discussion we had about this, it seems like backing up only files owned by amnesia would work for an extremely simple setup (backing up ~/Persistent only) but would quickly be too limiting (for example thinking about keys of onion services from Tails Server).
We also thought that a good UX could be to ask for an administrative password only when hitting files that cannot be copied by the amnesia user.
deja-dup doesn’t know how to do this but elouann said that grsync is doing something like this already.
Marking this research as resolved now.
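The scheme sketched in comment #8 (copy as the unprivileged user, and ask for the administration password only for what that user cannot copy), written out as an added example. This is not code from this ticket, from Tails, from deja-dup or from grsync. It is a POSIX sh script that first partitions a persistence tree such as the one listed in the description (apt, cups-configuration, nm-system-connections being root-owned) into what the current user can read and what it cannot, copies the readable part with no prompt at all, and only then runs a single privileged tar over the whole remainder. The source and destination paths, the escalation command (sudo by default, which is where the password prompt would appear) and the choice of tar for the privileged step are assumptions of the example, not something the ticket specifies.

```shell
#!/bin/sh
# Added example (not Tails code): back up a persistence tree as the
# unprivileged "amnesia" user first, escalating only for what it cannot read.
# SRC, DEST and the escalation command are assumptions of this example.
set -u

# partition_by_readability SRC READABLE_LIST UNREADABLE_LIST
# Writes paths (relative to SRC, one per line) of regular files the current
# user can read to READABLE_LIST, and of files it cannot read or directories
# it cannot enter (missing r or x) to UNREADABLE_LIST. find's own
# "Permission denied" noise is dropped; an unsearchable directory is still
# listed by find itself and recorded whole, so nothing is silently skipped.
partition_by_readability() {
    src=$1 readable=$2 unreadable=$3
    : > "$readable"
    : > "$unreadable"
    find "$src" 2>/dev/null | while IFS= read -r path; do
        [ "$path" = "$src" ] && continue
        rel=${path#"$src"/}
        if [ -d "$path" ]; then
            [ -r "$path" ] && [ -x "$path" ] || printf '%s\n' "$rel" >> "$unreadable"
        elif [ -f "$path" ]; then
            if [ -r "$path" ]; then printf '%s\n' "$rel" >> "$readable"
            else printf '%s\n' "$rel" >> "$unreadable"; fi
        fi
    done
}

# copy_readable SRC DEST LIST
# Unprivileged copy of the listed files, preserving mode and timestamps.
copy_readable() {
    src=$1 dest=$2 list=$3
    while IFS= read -r rel; do
        mkdir -p "$dest/$(dirname "$rel")" &&
        cp -p "$src/$rel" "$dest/$rel" || return 1
    done < "$list"
}

# backup_persistent SRC DEST [ESCALATE]
# 1. copy everything the current user can read, with no prompt;
# 2. only if something is left, run ONE privileged tar over the whole
#    remaining list through ESCALATE (default: sudo, i.e. one password
#    prompt for the whole run, not one per file) and unpack it unprivileged.
# Prints the number of entries that needed escalation; returns 0 when the
# whole tree was backed up, 1 otherwise.
backup_persistent() {
    src=$1 dest=$2 escalate=${3-sudo}   # left unquoted below on purpose: "sudo -n" etc. work
    tmp=$(mktemp -d) || return 1
    status=0
    partition_by_readability "$src" "$tmp/readable" "$tmp/unreadable"
    mkdir -p "$dest" && copy_readable "$src" "$dest" "$tmp/readable" || status=1
    n=$(wc -l < "$tmp/unreadable" | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        # The archive file is created by the unprivileged shell; only the
        # tar that reads SRC runs privileged. -p keeps the archived modes;
        # ownership cannot be restored by an unprivileged extraction.
        if ! $escalate tar -C "$src" -cf - -T "$tmp/unreadable" > "$tmp/rest.tar" ||
           ! tar -C "$dest" -xpf "$tmp/rest.tar"; then
            echo "backup: $n root-only entries were not backed up" >&2
            status=1
        fi
    fi
    rm -rf "$tmp"
    echo "$n"
    return "$status"
}

# Usage: sh backup.sh SRC DEST   (SRC being the mounted persistent volume)
case ${1-} in
    ?*) backup_persistent "$1" "${2:?destination required}" ;;
esac
```

Two things this makes visible that the discussion only hints at. The prompt happens once, for the whole residual list, because the unprivileged pass is done before any privileged work; a tool that escalated the moment it hit the first unreadable file would either prompt repeatedly or have to keep privileges for the rest of the run. And the restore question from the description stays open: the privileged tar records root as the owner, but the extraction above runs as the current user, so the copies of nm-system-connections, apt and cups-configuration end up owned by that user, and putting them back with their original ownership will need escalation again.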