The Synology system requires sudo to run the btrfs executable. I intend to take a btrfs snapshot of folders before backing them up, then back up the snapshot, then remove the btrfs snapshot. Is there a way to do this in a pre/post-backup script that will actually work? I am using the web UI to create the backup job but have gone in and added the scripts to the scripts folder in the appropriate repository. Now the backup always fails due to the script exit code (which is 1 due to insufficient permissions to call the btrfs executable). I would prefer to run this under the service account that will be running the job for the web UI and not have it be an admin user. Thoughts?
You can allow a non-privileged user to run a specific command via sudo – see man sudoers. Example:
duplicacy_web_user ALL=(ALL) NOPASSWD: /sbin/btrfs subvolume snapshot -r /volume1/share /volume1/Data/dupliacy_snapshot
Note that matching is by full command with arguments, so you would want to keep the same path. Or make a batch file with no write permissions for anyone but root.
Sweet! I did not know that you could use sudoers to restrict the user to a certain executable path rather than all or none. Thanks @saspus
So I added this to sudoers:
duplicacyuser ALL=(ALL) NOPASSWD: /sbin/btrfs subvolume snapshot -r /volume1/test /volume1/DuplicacyFolder
and have this in the pre-backup script:
btrfs subvolume snapshot -r /volume1/test /volume1/DuplicacyFolder
And when I run the backup job I get this:
2021-02-08 16:42:13.834 INFO SCRIPT_RUN Running script /volume1/homes/duplicacyuser/.duplicacy-web/repositories/localhost/0/.duplicacy/scripts/pre-backup
2021-02-08 16:42:14.453 INFO SCRIPT_OUTPUT ERROR: cannot snapshot '/volume1/test': Operation not permitted
2021-02-08 16:42:14.453 INFO SCRIPT_OUTPUT Create a readonly snapshot of '/volume1/test' in '/volume1/DuplicacyFolder/test'
Any ideas?
Yes, you forgot sudo in your pre-backup script.
I thought it would be automatically run as sudo but you’re right, the privilege api is not even invoked without sudo being there first. Duuuuuhhh. Thanks
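A pre/post-backup script following the approach worked out in this thread, as an added example that is not code from any of the posters. Assumptions: a second sudoers line for the delete command, the narrower (root) run-as spec, installing one file under both script names, and the snapshot path /volume1/DuplicacyFolder/test, taken from the log output above.

```sh
#!/bin/sh
# Added example, not from the thread. Install this one file as both
# .duplicacy/scripts/pre-backup and .duplicacy/scripts/post-backup.
# Assumed sudoers entries (edit with visudo), one per exact command line:
#   duplicacyuser ALL=(root) NOPASSWD: /sbin/btrfs subvolume snapshot -r /volume1/test /volume1/DuplicacyFolder
#   duplicacyuser ALL=(root) NOPASSWD: /sbin/btrfs subvolume delete /volume1/DuplicacyFolder/test

BTRFS=/sbin/btrfs              # full path, as written in sudoers
SRC=/volume1/test              # source subvolume from the thread
DST=/volume1/DuplicacyFolder   # existing directory, so the snapshot lands in $DST/test
SNAP="$DST/${SRC##*/}"

# Run one btrfs command as root. -n means sudo never prompts: without a
# matching NOPASSWD rule it fails at once instead of stalling the backup job.
run_priv() {
    if ! sudo -n -l "$BTRFS" "$@" >/dev/null 2>&1; then
        echo "sudoers has no rule for: $BTRFS $*" >&2
        return 1
    fi
    sudo -n "$BTRFS" "$@"
}

drop_snapshot() {
    run_priv subvolume delete "$SNAP"
}

take_snapshot() {
    # A snapshot left by an interrupted run would make the new one fail.
    if [ -e "$SNAP" ]; then
        drop_snapshot || return 1
    fi
    run_priv subvolume snapshot -r "$SRC" "$DST"
}

# Dispatch on the name the file was invoked under; a non-zero exit from
# pre-backup makes the backup job fail rather than back up live data.
case "${0##*/}" in
    pre-backup)  take_snapshot || exit 1 ;;
    post-backup) drop_snapshot || exit 1 ;;
esac
```

Because sudoers matches the full command line, changing SRC or DST in the script means changing both sudoers entries to the same paths.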