1

Topic: How to correctly use rdiff-backup for vmail/vmail1 directory?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  1.3 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? Yes
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi everyone! Well, this is more of a "how could I do this"? Rather than an issue:

- I want to use rdiff-backup to create backups of my /var/vmail/vmail1 directory (to backup all my email messages)
- And it would create the backup in a folder that it's actually a mounted directory from a different server

My problem is that it shows me permission errors, like this one:

ListError my-super-domain.com [Errno 13] Permission denied: '/var/vmail/vmail1/my-super-domain.com'

I think that it could be something related to the permissions of those files:

drwx---r-- 6 vmail vmail 4096 Jun 19 23:02 my-super-domain.com

... or maybe not, I'm totally lost here sad

Also I tried to do my homework and googled a lot, but everywhere people just use rsync. But I want to use rdiff-backup so I can easily have daily backups that I can restore on demand.

Thank you so much!

2

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

can you show the full command you ran with rdiff-backup, I'll test and see how you should do it

3

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

MuPp3t33r wrote:

can you show the full command you ran with rdiff-backup, I'll test and see how you should do it

Sure! This is the one:

rdiff-backup -v3 --print-statistics /var/vmail/vmail1/ /home/my-super-user/local-backup/

My original plan was to actually mount a directory from an external server there first.
But first I have to get this first rdiff part done.

What do you think?

4

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

Your command works perfectly for me as-is, so I'm guessing that its a permissions issue.

Are you running this as root or another user? Only users "vmail" and "root" have assess to the source directory at /var/vmail/vmail1

I ran this as root and it worked: rdiff-backup -v3 --print-statistics /var/vmail/vmail1/ /tmp/backup

5

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

MuPp3t33r wrote:

Your command works perfectly for me as-is, so I'm guessing that its a permissions issue.

Are you running this as root or another user? Only users "vmail" and "root" have assess to the source directory at /var/vmail/vmail1

I ran this as root and it worked: rdiff-backup -v3 --print-statistics /var/vmail/vmail1/ /tmp/backup

Got it. I thought that with the Read permission for Other I could do that (why that doesn't work that way?).
I'll try with root now, or sudo.

So, if that works, should I create a cronjob from the root user if I want to program a daily backup?

6 (edited by MuPp3t33r 2020-06-26 18:35:31)

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

dropestein wrote:

Got it. I thought that with the Read permission for Other I could do that (why that doesn't work that way?).
I'll try with root now, or sudo.

So, if that works, should I create a cronjob from the root user if I want to program a daily backup?

vmail folder should have 0700 permissions for vmail owner, you should absolutely avoid putting "others" permission on the folder, because then any compromised user in the system will be able to steal data

It is generally best practice to avoid working directly as the root user, rather use sudo to elevate yourself, but as a cron job there's no problem using root's crontab. If you're using a shell script to run your cron jobs then make sure your scripts are secured with appropriate permissions too

7

Re: How to correctly use rdiff-backup for vmail/vmail1 directory?

MuPp3t33r wrote:
dropestein wrote:

Got it. I thought that with the Read permission for Other I could do that (why that doesn't work that way?).
I'll try with root now, or sudo.

So, if that works, should I create a cronjob from the root user if I want to program a daily backup?

vmail folder should have 0700 permissions for vmail owner, you should absolutely avoid putting "others" permission on the folder, because then any compromised user in the system will be able to steal data

It is generally best practice to avoid working directly as the root user, rather use sudo to elevate yourself, but as a cron job there's no problem using root's crontab. If you're using a shell script to run your cron jobs then make sure your scripts are secured with appropriate permissions too

Oh! Of course, didn't thought about it that way. I'll create the cron job from root, that makes perfect sense.
Thanks!