Incorrect file permissions after snapshot ( possible umask error?)

[cstby]

System information:

• Server OS: UnRaid 6.12.6
• Server image: docker-kopia v0.15.0-ig67
• Client OS: Pop!_OS 22.04
• Client program: KopiaUI flatpauk v0.15.0

Steps to Reproduce

• set up server with umask 022
• connect client to sever and create snapshot
• view file permissions of folders in the repository

Expected results

All files and directories would have permissions drwxr-xr-x (0755), as implied by umask 022.

Actual results

Files and directories have permissions drwx------ (0700).

Why does this matter?

I need to mirror the repository off-site, which I do using Rsync and UnRaid's built-in SMB server. Any files with 0700 permission cannot be read by Rsync, resulting in a incomplete (and therefore corrupted/inaccessible) Kopia repository.

[hydazz]

is kopia running as root? is PUID/PGID set to 0?

[cstby]

Kopia is running as root. I kept the default settings: PUID is set to 99 and PGID is set to 100. In UnRaid, this is nobody:users, which is expected to be the user for all docker containers.

All the files created by Kopia correctly have the owner nobody. The only problem is the permissions.

[hydazz]

So is the p/guid set to 99/100 or 0/0? I dont believe kopia will be able to create files with proper permissions unless the kopia service is running as root, and this is UMASK independent- just delete it

[cstby]

I followed your advice above and set both PUID and PGID to 0. Then I followed the steps to reproduce. This changed the owner and group to root, but it did not fix the permissions issue. Here is quick snippet from mc about one of the newly created directories:

| Location:   29h:41Ah                                               │
│  Mode:       drwx------ (0700)                                     │
│  Attributes: -------------------------                             │
│  Links:      3                                                     │
│  Owner:      root/root                                             │
│  Size:       3 (2 blocks)                                          │
│  Changed:    Feb  8 20:32                                          │
│  Modified:   Feb  8 20:32                                          │
│  Accessed:   Feb  8 20:32                                          │
│  Filesystem: /mnt/zfs-one/backups                                  │
│  Device:     zfs-one/backups                                       │
│  Type:       zfs (29h)                                             │
│  Free space: 2168G / 2169G (99%)                                   │
│  Free nodes: 4545687856 / 4545688259 (99%)   

[hydazz]

It is working as expected for me, perhaps its a zfs thing, and sounds like an upstream issue?
original:

restored:

heres the test setup for reference:

services:
  kopia:
    image: ghcr.io/imagegenius/kopia
    container_name: kopia
    env_file: .env
    volumes:
      - ./appdata:/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/stacks:/opt/stacks
    network_mode: bridge
    ports:
      - 51515:51515
    restart: unless-stopped
networks: {}

.env:

KOPIA_PERSIST_CREDENTIALS_ON_CONNECT=true
DOCKER_MODS=linuxserver/mods:universal-cron
TZ=Australia/Melbourne
PUID=0
PGID=0
CLI_ARGS=server start --insecure --address=0.0.0.0:51515 --htpasswd-file=/config/htpasswd --enable-actions --ui-title-prefix=Riker-

[cstby]

Are you on unraid? It might be an unraid thing.

I don't see how this issue could be caused by the ZFS filesystem. I can't comment on whether it's an upstream issue except to say that umask is set as a docker variable. I'll try using the official kopia docker image and report back on whether I encounter the same issue.

[cstby]

I installed the official docker image. It completely ignores PUID, PGID, and UMASK. Seems like this feature was requested on the kopia repository a while ago and never implemented.

You said that this image is working fine for you. I'll see if there's some unRAID setting I'm missing or something.