# rsnapshot 'permission denied' as root (probable cause: encfs

## javeree

I run rsnapshot as backup tool. To that end, I have a command in /etc/cron.hourly/rsnapshot:

 *Quote:*   

> rsnapshot -x -c /etc/rsnapshot/rsnapshot.Hermes.conf sync && rsnapshot -x -c /etc/rsnapshot/rsnapshot.Hermes.conf hourly

 

This command should be run as root.

The first step (sync) works fine. No errors are reported.

The second step fails with

 *Quote:*   

> /usr/bin/rsnapshot -x -c /etc/rsnapshot/rsnapshot.Hermes.conf hourly: ERROR: Could not rename("/mnt/.backupdrive/.snapshots/Hermes/.sync", "/mnt/.backupdrive/.snapshots/Hermes/hourly.0") - error Permission denied

 

Trying to debug, I go to shell, and run -as root-

 *Quote:*   

> mv -v "/mnt/.backupdrive/.snapshots/Hermes/.sync", "/mnt/.backupdrive/.snapshots/Hermes/hourly.0"

 

Sure enough, I also get a permission denied. Ichecked the path up to /mnt/.backupdrive/.snapshots/Hermes/, which is fully owned by root and has 755 as permissions.

I assume it might have something to do with folders such as 

 *Quote:*   

> ls -la "/mnt/.backupdrive/.snapshots/Hermes/.sync/localhost/home/ann/.thunderbird/default0.profile/Mail/Local Folders/Unsent Messages"
> 
> -rw------- 1 ann users 0  8 jul 14:26 /mnt/.backupdrive/.snapshots/Hermes/.sync/localhost/home/ann/.thunderbird/default0.profile/Mail/Local Folders/Unsent Messages

 

Still, it should not prevent me from copying the directory tree at the .sync level ?[/code]Last edited by javeree on Wed Jul 09, 2014 10:30 am; edited 1 time in total

----------

## javeree

well, it doesn't have to do with the type of file I highlighted. I can move that file just fine.

----------

## Hu

What provides that filesystem?  The directory .snapshots is used by some network attached storage devices as a way of exposing their archives of old views of the filesystem.  This can be handy to let users recover accidentally deleted content without contacting IT.  When the directory is used in that way, it is very magical and cannot be modified according to normal rules.

----------

## javeree

good question Hu, and to the point.

The directory  is in fact mounted from encfs, with the encfs sitting on top of ext4. With this setup, IN THEORY, I should have no problem moving something. However, I meanwhile found out that I set up encfs in a way that is not optimal for rsnapshot.

I had created encfs with 'paranoid' settings. This has two disadvantages for backup:

1. The filenames with this setting tend to be much longer than the original, resulting in a 'path too long' problem for some directories. (This disadvantage is unrelated to the above problem, but was one of the reasons why I re-read the man page of encfs).

2. The encoding of the filename (and possibly the file itself) depends on the full path. Therefore, a move of a directory results in re-encoding at least the filenames of all files under that subtree. I can see that this results in a highly inefficient 'mv' command (up to the point of on 'mv' possibly requiring re-encoding 600Gb data). I don't see how it would result in a 'permission denied'

Anyway, I started again, created a new encfs system with standard protection scheme. This is running at the moment, and at least for the first PC I back up rsnaphot did not complain anymore when trying to rotate the sync.

I presume that the 'permission denied' I had in a subtle way was also related to this paranoid encryption.

Thanks for thinking along

LESSON LEARNED:

DON'T USE RSNAPSHOT WITH ENCFS IN PARANOID MODE:

DO NOT USE 'External IV Chaining'

SET 'Filename Encoding=Stream' TO AVOID 'Path too long'

----------

