Why does my RemoteSyncOperator user vanish backups of other users?

nordeep

Active Member
May 18, 2016
7
6
43
41
Hi, All!

I have two PBS servers and sync job from "first PBS" to "second PBS".
On the "second PBS" besides synced backups from "first PBS" I also have local backups. My sync@pbs("second PBS") user has only RemoteSyncOperator permission. Sync job has mark "Remove vanished". After Sync job done - all local backups had vanished. Seems strange.
1. Why does RemoteSyncOperator can vanish?
2. Why vanish works for backups of other owners?
 
can you post the sync config?
Code:
proxmox-backup-manager sync-job list # get the ID
proxmox-backup-manager sync-job show ID
 
Hi, All!

I have two PBS servers and sync job from "first PBS" to "second PBS".
On the "second PBS" besides synced backups from "first PBS" I also have local backups. My sync@pbs("second PBS") user has only RemoteSyncOperator permission. Sync job has mark "Remove vanished". After Sync job done - all local backups had vanished. Seems strange.
1. Why does RemoteSyncOperator can vanish?

because the user who set up the sync job can remove arbitrary groups/snapshots from the target store

2. Why vanish works for backups of other owners?

indeed it might make sense to filter based on ownership there as well..
 
can you post the sync config?
Code:
proxmox-backup-manager sync-job list # get the ID
proxmox-backup-manager sync-job show ID
Code:
│ Name            │ Value        │
╞═════════════════╪══════════════╡
│ id              │ rp-sync      │
├─────────────────┼──────────────┤
│ remote          │ rp             │
├─────────────────┼──────────────┤
│ remote-store    │ main         │
├─────────────────┼──────────────┤
│ store           │ main         │
├─────────────────┼──────────────┤
│ owner           │ sync@pbs     │
├─────────────────┼──────────────┤
│ remove-vanished │ 1            │
├─────────────────┼──────────────┤
│ schedule        │ 08:00        │
because the user who set up the sync job can remove arbitrary groups/snapshots from the target store



indeed it might make sense to filter based on ownership there as well..
Thank You! I figure it out.
Trying to set Sync Job as my sync@pbs user. Login in as sync@pbs user and add another Sync job.
Additional add next Permissions:
Code:
┌───────────────┬─────────────────┬───────────┬────────────────────┐
│ ugid          │ path            │ propagate │ roleid             │
╞═══════════════╪═════════════════╪═══════════╪════════════════════╡
│ root@pam!hass │ /datastore/main │         1 │ DatastoreBackup    │
├───────────────┼─────────────────┼───────────┼────────────────────┤
│ sync@pbs      │ /datastore      │         1 │ RemoteSyncOperator │
├───────────────┼─────────────────┼───────────┼────────────────────┤
│ sync@pbs      │ /datastore      │         1 │ DatastoreReader    │
├───────────────┼─────────────────┼───────────┼────────────────────┤
│ sync@pbs      │ /datastore      │         1 │ DatastoreBackup    │
├───────────────┼─────────────────┼───────────┼────────────────────┤
│ sync@pbs      │ /datastore      │         1 │ DatastoreAudit     │
├───────────────┼─────────────────┼───────────┼────────────────────┤
│ sync@pbs      │ /remote         │         1 │ RemoteSyncOperator │
└───────────────┴─────────────────┴───────────┴────────────────────┘
But still no luck. After Sync job done - backups owned by "root@pam!hass" user vanished at all.
 
(currently), if you set up a sync job configured with remove_vanished, it will remove all groups that are not listed by the remote PBS instance. setting up such a sync job requires permission to remove anything on the target datastore. that does not mean that the owner of the sync result has to be able to remove everything.
 
(currently), if you set up a sync job configured with remove_vanished, it will remove all groups that are not listed by the remote PBS instance. setting up such a sync job requires permission to remove anything on the target datastore. that does not mean that the owner of the sync result has to be able to remove everything.
Ok! Get it.
Is there any chance of changing behavior?:) For now it can't be used Second PBS as Sync slave and as Local Master backup at same time.
 
like I said, it might be possible to just filter the local list against ownership as well, then we could even allow remove_vanished for all users that can sync. just have to think through all the implications ;)
 
  • Like
Reactions: nordeep

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!