/var/backup/ Folder Permissions

Discussion in 'Server Operation' started by experience, Jan 18, 2021.

  1. experience

    experience New Member

    I'm trying to download the contents of the backup folder /var/backup to my local NAS each day; however, the permissions of the backup folder appear to reset each day.
    I can give the SSH user joebloggs permission to the folder web1:
    Code:
    setfacl -Rm u:joebloggs:rwx /var/backup/web1
    I can then run a daily script to connect through SFTP and download the contents, which works.
    However, the permissions appear to reset overnight, so I can't download the new daily backup.
    How can I give SSH user joebloggs permanent access to this folder? I presume I shouldn't CHOWN the folder to joebloggs, as this will interfere with ISPConfig permissions and stop it backing up to the folder?
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I used to run a rsync cronjob as root on the server to do this. I’ll share it when I’m in office.
     
    ahrasis likes this.
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Is /var/backup a mount point? If so, the permissions are probably reset when it is unmounted and mounted again - in which case, add your setfacl command at the end of your backup_dir_mount.sh script.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Keep in mind what security threats you're protecting against if doing this (or any backup design). E.g. I consider our off-the-shelf NAS to be one of the most vulnerable servers we have, and make quite some effort to protect servers and other devices from the NAS being abused - I do store backup files there, but they are encrypted, and I would never give the NAS root access to my servers.
     
    ahrasis likes this.
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The server does a one way rsync to the NAS, which is stored encrypted and can only be viewed by the server's user. The NAS is in a secure place where access is restricted. But of course this is not the best way to do this and I don't use this anymore.

    Can't find the script(/command) either right now, but it's a simple rsync from the server to the NAS, which holds a separate volume.
     
    Jesse Norell and ahrasis like this.
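
The two suggestions above (re-apply the ACL at the end of backup_dir_mount.sh, and limit what the NAS-facing account can do) can be combined as shown below. This is an added example, not code from the thread or from ISPConfig; `grant_backup_read` is a hypothetical helper name, and it grants read-only access (`rX`) plus a default ACL instead of the `rwx` in the original command.

```shell
#!/bin/sh
# Added example, not ISPConfig code. joebloggs and /var/backup/web1 come from
# the thread; grant_backup_read is a hypothetical helper name.
#
# grant_backup_read USER DIR
#   Gives USER read-only access to DIR and to files created in it later.
#   Returns 0 on success, 2 if DIR is not a directory, 3 if USER is unknown,
#   4 if setfacl is not installed, 5 if setfacl failed (e.g. no ACL support).
grant_backup_read() {
    user=$1
    dir=$2

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    id -u "$user" >/dev/null 2>&1 || { echo "unknown user: $user" >&2; return 3; }
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not found" >&2; return 4; }

    # Access ACL on what exists now. r-X instead of rwx: this entry lets the
    # download account list and read, not write. Capital X sets execute only
    # on directories (and on files that are already executable).
    # -m replaces an earlier entry for the same user, so re-running is safe.
    setfacl -R -m "u:$user:rX" "$dir" || return 5

    # Default ACL on every directory, so files written by later backup runs
    # inherit the same read-only entry.
    find "$dir" -type d -exec setfacl -d -m "u:$user:rX" {} + || return 5
}

# Intended call, as the last line of the mount script mentioned in the thread:
#   grant_backup_read joebloggs /var/backup/web1
```

An inherited default entry is still limited by the ACL mask of each new file, which is derived from the mode the backup job creates the file with, so check a fresh backup with `getfacl` after the first run.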
