Sections here are really just placeholders with enough information to get started on building actual articles...

Better Permissions Handling

Proven on:

12 (bookworm)

• sudo apt install acl
• sudo mkdir /FOOBAR
• sudo chown -R :users /FOOBAR
• sudo chmod -R g+ws /FOOBAR
• sudo setfacl -R -m g:users:rwx /FOOBAR

Now, the directory /FOOBAR is writeable by anyone in the users group.

Some Links

• Wikipedia : setuid
• Wikipedia : Access-control list
• StackExchange : Getting new files to inherit group permissions on Linux
• StackExchange : Using setfacl to create recursive permissions for Apache with rsync

Development Testing for a Backup Server

Proven on:

12 (bookworm)

Currently testing on a pair of LXCs, both configured as priveledged containers (tho this may not be needed).

• VMID 999001: storage
• VMID 999002: backup

Primary user on both is tinker (because remote access by root is stupid...)

On the PVE Server:

(setting up the storage for the test LXCs...)

• mkdir /mnt/Storage-0
• mkdir /mnt/Storage-1
• mount -L Storage-0 /mnt/Storage-0
• mount -L Storage-1 /mnt/Storage-1
• vi /etc/fstab

LABEL=Storage-0     /mnt/Storage-0    ext4   defaults 0 0
LABEL=Storage-1     /mnt/Storage-1    ext4   defaults 0 0

• pct set 999001 -mp0 /mnt/Storage-0,mp=/mnt/Storage # storage
• pct set 999002 -mp0 /mnt/Storage-1,mp=/mnt/Storage # backup

On "storage"

• ssh-keygen
• ssh-copy-id tinker@backup
• apt install acl rsync
• setfacl -R -m u:tinker:rwx /mnt/Storage

On "backup"

• ssh-keygen
• ssh-copy-id tinker@storage
• apt install acl rsync
• setfacl -R -m u:tinker:rwx /mnt/Storage

Testing rsync commands

• cd /mnt/Storage
• rsync -Aaiz * backup:/mnt/Storage
  • copies all files to the backup machine
  • (& if you run it again, only copies NEW or CHANGED files)
• rsync -Aaiz --delete * backup:/mnt/Storage
  • Will actually synchronize. (i.e. It will DELETE any files from the destination that have been removed on the source.)
  • DANGER...DANGER...DANGER  (this may NOT be exactly what you want to do in a backup situation.