Duplicacy File Permissions for Chunks (Docker)

hhugo3711 · 17 April 2025 08:55

Hello, i am using the docker image from saspus on an Unraid system. I am backing up my immich library regularly to a share on unraid. Additionally i would like to mirror once a week all the chunks to my old synology nas for a secondary backup. Since i dont want the nas to be running all the time i set it to just turn on once a week, then the ActivBackupforBusiness App copies over SMB all the chunks to the NAS.

My problem is, that the chuncks (and btw. also the logs) created by the docker are only visible to the owner and not to the group, so the NAS can only access them after i manually chown them. The UserID and GroupID in the Docker template are set to 99 and 100. Is there another option? Or should i just run a script which regularly chown’s them?

PS: I am new to Duplicacy and only have basic knowledge on Unraid and Docker.

saspus · 17 April 2025 16:14

Container runs linux. So the behavior would be consistent with that.

When a process creates a file, group ownership of the created file is set to the primary group of the user running the process. However, if the directory where the file is created has “setgid” permission bit set, the new file will inherit group ownership of that directory regardless of user’s primary group.

Things will get more complex if you Unraid runs AppArmor, and while I don’t have experience with it, similar technology SELinux introduces the whole new namespace for containers, and user and group IDs on the host and inside the container don’t intentionally match. But we can open that can of worms later.

hhugo3711 · 17 April 2025 19:10

Ok, so that means its not intended that the chunks are only readable by the user or? I tried to set the setgid permission with chmod g+s on the folder recursively. Both the main folder and the chunks folder have the permissions drwxrwsrwx. The created subfolders of chunks then get the permissions drwxr-Sr-- and the chunks -rw-r–r–. Each file and folder has the owner nobody and the group users and the user witch whom i try to access is also in the group users but i still cant see the chunk files from my windows pc. Are the three “r” in the permission not standing for read only so shouldnt i be able to see them? Am i missing something?

saspus · 17 April 2025 21:39

Yes, third r is “world readable”, so you should be able to read them. Is AppArmor active? Try turning it off to see if it makes any difference as a test.

hhugo3711 · 18 April 2025 05:47

I have never installed AppArmor and the command apparmor_status does return command not found… As I am understanding the culprit is the uppercase S in the chunk folders permissions drwxr-Sr-- since it means that the folders are readable which is passed on to the files in them but they are not “executable” so i cant traverse to the subfolders/files. But i dont get it why those subfolders all get created with this uppercase S…
Another idae: Since the subfolders are hexadecimal 00 to ff there are only 256 in total. So if i create all of those folders in advance and set the permissions accordingly, all future chunks should be in those folders and i should be available to see them… you think this would work?
Thanks for the help!

saspus · 18 April 2025 15:07

You don’t need execute bit. “r” is enough.

Check maybe you have ACLs enabled on the directory?

Ids there a “+” in the end of permission list in the output of ls -al <path tho folder>?

If so, you either need to configure permission with ACLs or remove them with setfacl -Rbn …