restic/changelog/unreleased/pull-3419

22 lines
1,016 B
Text
Raw Normal View History

Enhancement: Use config file permissions to control file group access
Previously files in a local/sftp restic repository would always end up with
very restrictive access permissions allowing access only to the owner. This
prevented a number of valid use-cases involving groups and ACLs.
Now we use the config file permissions to decide whether group access
should be given to newly created repository files or not. We arrange for
repository files to be created group readable exactly when the repository
config file is group readable.
To opt-in to group readable repositories a simple `chmod -R g+r` or
equivalent can be used. For repositories that should be writable by group
members a tad more setup is required, see the docs.
Posix ACLs can also be used now that the group permissions being forced to
zero no longer masks the effect of ACL entries.
https://github.com/restic/restic/issues/2351
https://github.com/restic/restic/pull/3419
https://forum.restic.net/t/change-permissions-on-repository-files/1391