Package Details: duplicati-latest 2.0.2.8-1

Git Clone URL: https://aur.archlinux.org/duplicati-latest.git (read-only)
Package Base: duplicati-latest
Description: A free backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers
Upstream URL: http://duplicati.com
Keywords: backup duplicati
Licenses: LGPL
Submitter: dannysu
Maintainer: valandil (carbolymer)
Last Packager: valandil
Votes: 18
Popularity: 2.971768
First Submitted: 2014-09-01 02:11
Last Updated: 2017-09-20 15:46

Latest Comments

valandil commented on 2017-10-10 14:20

Sorry, I'll have to let you investigate this. I'm on paternity leave for the next 2 weeks.

magratheaner commented on 2017-10-10 14:12

Today, I installed the tool with yaourt and it didn't place "duplicati-cli" anywhere (as checked with yaourt -Ql duplicati-latest) which should be the executable wrapper for linux systems.

Instead, I had to change the permissions of "Duplicati.CommandLine.exe" in the install path to executable and make the alias myself.

I don't know how much of a long-term solution this is in terms of automatic yaourt updates.

Have I gotten something wrong?

Edit: I just realized this could be due to the fact that I'm using zsh and the installer maybe only adds the alias in some bash config?

valandil commented on 2017-09-28 12:22

Yeah I'm an idiot. Here's the link: https://gist.github.com/valandil/b500f7a822cf166c1ea91af0db102c57

carbolymer commented on 2017-09-28 09:37

@valandil hm, I don't see your patch

valandil commented on 2017-09-27 15:50

@carbolymer Here's the patch I propose. Would you care to comment on it?

valandil commented on 2017-09-27 15:22

@carbolymer In fact, I think your suggestion makes sense. The default behaviour should be not to run as root. The user can then decide to elevate Duplicati's privileges using systemd's drop-in feature, or however they choose to do it. If I have time, I'll document this in a pinned comment.

carbolymer commented on 2017-09-26 12:50

@valandil Not quite. If you're using duplicati on a headless server:
1) you have to expose the web interface
2) you cannot use duplicat-user.service which starts duplicati GUI
Having exposed webserver running as a root is a security risk.

If you're still not convinced to run duplicati.service as separate user, we can leave it as it is. I've added conf file to my systemd drop-in folder which sets the user and group of duplicati process, so I'm good. ;)

valandil commented on 2017-09-21 14:21

In that case, I think that the status quo might be a good solution. If the user wants to run Duplicati to backup his personal files, the user-privileged duplicati-user.service is sufficient.

To backup system files, I don't think there is a good way around running as root. Temporary elevation of privilege would be nice, but there doesn't seem to exist a way to do in Duplicati. The user should understand that by starting duplicati.service, he is running a local webserver as root.

In any case, any attack on this local web server presupposes a compromised system. The local Duplicati server itself cannot be used as a remote entry point for an attack, as it is not exposed to the Internet. I'm not sure how having a duplicati user and bindfs deters an attacker which already has access to the machine by some other means.

Do you agree?

carbolymer commented on 2017-09-21 06:02

@valandil It seems that packages for other distros are running duplicati as root: https://github.com/duplicati/duplicati/tree/master/Installer

Moreover, duplicati with the snapshot-policy=auto tries to make disk snapshots using LVM which requires root. https://github.com/duplicati/duplicati/wiki/FAQ

It looks that root priviledges are required in some cases.

@valandil, what's your opinion?

valandil commented on 2017-09-20 15:36

How do the other distros manage this? We can surely learn from them.

I agree that running as root can be problematic: if an exploit is found in Duplicati, it has read AND write access to system files. I think the best way would be provide only read access to the duplicati user, with the possibility to run the server as root for restoring backups only. Not sure how to implement that so it's simple for the end-user though.

All comments