upvote

points

by placardloop6 hours ago |
comments
upvoteby amluto5 hours ago|
[-]
I disagree, strongly. Here are the relevant docs:

https://restic.readthedocs.io/en/stable/030_preparing_a_new_...

I would like to see an explicit discussion of what permissions are needed for what operation. I would also like to see a clearly specified model in which backups can be created in a bucket with less than full permissions and, even after active attack by an agent with those same permissions, one can enumerate all valid backups in the bucket and be guaranteed to be able to correctly restore any backup as long as one can figure out which backup one wants to restore.

Instead there are random guides on medium.com describing a configuration that may or may not have the desired effect.

reply
upvoteby placardloop18 minutes ago|
parent|
[-]
Again, this isn’t at all in the scope of restic’s docs. If you’re using S3 as the storage, it’s on you to understand how S3 works and what permissions are needed, just like it’s on you to understand how your local file system works and file permissions work if you use the local file system as a backend.

If you don’t understand S3 or don’t want to learn, then that’s fine, and you can pay the premium to tarsnap for simplifying it for you. But that’s your choice, not an issue with restic.

If you think differently, have you submitted a PR to restic’s docs to add the information you think should be there?

reply