From 60464bc21a55fc440e6fb88f01f3c94bdfe2432f Mon Sep 17 00:00:00 2001 From: Nicolas Meienberger Date: Sun, 19 Apr 2026 12:16:13 +0200 Subject: [PATCH] docs: mounted shares acls --- apps/docs/content/docs/concepts/volumes.mdx | 4 + apps/docs/content/docs/guides/meta.json | 1 + .../docs/guides/mounted-shares-and-acls.mdx | 182 ++++++++++++++++++ apps/docs/content/docs/guides/restoring.mdx | 4 +- apps/docs/content/docs/installation.mdx | 4 + 5 files changed, 194 insertions(+), 1 deletion(-) create mode 100644 apps/docs/content/docs/guides/mounted-shares-and-acls.mdx diff --git a/apps/docs/content/docs/concepts/volumes.mdx b/apps/docs/content/docs/concepts/volumes.mdx index 5f9789f5..4d360281 100644 --- a/apps/docs/content/docs/concepts/volumes.mdx +++ b/apps/docs/content/docs/concepts/volumes.mdx @@ -11,6 +11,10 @@ A volume tells Zerobyte *where* your data lives. When you create a volume, you p Volumes support a range of protocols, from simple local directories to NFS shares, Windows/Samba file servers, WebDAV endpoints, SFTP connections, and cloud storage via rclone. Once a volume is mounted, you can browse its contents directly in the UI, assign it to one or more backup jobs, and let Zerobyte handle the rest. + + Mounted remote volumes can expose translated metadata instead of the source system's original ownership and ACL model. Before relying on NFS, SMB, WebDAV, SFTP, or rclone volumes for metadata-sensitive backups, read [Mounted Shares, ACLs, and Metadata Fidelity](/docs/guides/mounted-shares-and-acls). + + ## Supported volume types Zerobyte supports six volume types. Each one is configured through the web UI when you create or edit a volume. diff --git a/apps/docs/content/docs/guides/meta.json b/apps/docs/content/docs/guides/meta.json index 7709de28..8c24a7f1 100644 --- a/apps/docs/content/docs/guides/meta.json +++ b/apps/docs/content/docs/guides/meta.json @@ -4,6 +4,7 @@ "3-2-1-backup-strategy", "restoring", "backup-webhooks", + "mounted-shares-and-acls", "notifications", "recovery-key-and-repository-passwords", "repository-maintenance", diff --git a/apps/docs/content/docs/guides/mounted-shares-and-acls.mdx b/apps/docs/content/docs/guides/mounted-shares-and-acls.mdx new file mode 100644 index 00000000..67798743 --- /dev/null +++ b/apps/docs/content/docs/guides/mounted-shares-and-acls.mdx @@ -0,0 +1,182 @@ +--- +title: Mounted Shares and Permissions +description: A simple guide to what mounted volumes preserve well, what they simplify, and when a local directory is the better fit +--- + +Mounted volumes are still very useful in Zerobyte. For many people, backing up the file contents is the main goal, and mounted shares work well for that. + +Where things get a little more nuanced is permissions and other filesystem details. + + + Backing up a mounted share does **not** remove permissions from the source. + + The main question is simpler than it sounds: how much of the source system's permission information can the mounted view actually show to the backup? + + +## The short version + +- If your main goal is recovering files and folders, mounted volumes are often perfectly fine. +- Zerobyte backs up the view that the mounted filesystem presents inside the container. +- Some backends show permissions and ownership very well. +- Some backends show a simplified view. +- If you want the closest thing to a true replica, a local **Directory** volume is the best choice. + +## Why this matters + +When Zerobyte backs up a remote volume, it does not talk directly to every storage system in its native format. + +Instead: + +1. Zerobyte mounts the volume inside the Linux container. +2. Linux sees that mounted volume as a normal filesystem. +3. Restic backs up what Linux can see there. + +That means the backup is only as detailed as the mounted view. + +If the mount shows the real owner, permissions, and advanced permission rules, Restic can back them up. + +If the mount shows a simplified version, the snapshot will also contain that simplified version. + +## What might be simplified + +Depending on the backend, the mounted view may simplify: + +- file owner +- group +- read, write, and execute permissions +- advanced permission rules +- extra filesystem metadata + +This is why a backup can be excellent for file contents while being less exact for permission details. + +## Editing files on a mounted share + +This is also useful to know outside of backups. + +- Editing an existing file often keeps that file's existing server-side permissions. +- Deleting a file and creating it again usually creates a new remote file. +- A new file usually gets the folder's default or inherited permissions, not necessarily the old file's exact ones. +- Some editors save by replacing the file behind the scenes, so they may behave more like recreate than edit-in-place. + +For many users this is not a problem. It mainly matters when you are trying to keep permissions exactly the same. + +Common examples where permissions matter more: + +- a shared company folder where different teams should see different subfolders +- user home directories where private files should stay private after restore +- website or app files where the service depends on the right owner or executable permissions +- server scripts, cron jobs, or deployment hooks that need to remain executable +- business shares with inherited folder rules, such as finance or HR documents + +## Backend comparison + +| Backend | Good fit for | Permission fidelity | What to keep in mind | +| --- | --- | --- | --- | +| **Directory** | Local data and bind-mounted host paths | **Best** | Best choice when you want the backup and restore to stay as close as possible to the original filesystem | +| **NFS** | Linux and NAS shares | **Usually good** | Often a strong remote option, but ownership mapping can still vary between systems | +| **SMB/CIFS** | Windows shares and Samba servers | **Mixed to good** | Often the best remote option when permission details matter, but still not a perfect copy of the original Windows permission model | +| **WebDAV** | Nextcloud, ownCloud, and content-focused remote access | **Limited** | Great for backing up files, less reliable for exact permission replication | +| **SFTP** | Secure access to remote Linux servers | **Limited** | Good for content backup, but advanced permission details are often reduced | +| **Rclone** | Cloud providers and object storage | **Lowest** | Best treated as a content source, not as a full filesystem replica | + +## What each backend is best at + +### Directory + +This is the easiest option to trust when you care about both file contents and permissions. + +Why it works so well: + +- Zerobyte sees the filesystem directly +- there is no extra network protocol translating the data +- restores are usually the most predictable + +If your goal is the closest thing to a true replica, choose **Directory** whenever you can. + +### NFS + +NFS is often a very good fit for Linux-style file sharing. + +It is usually a strong choice when: + +- the share comes from a Linux or NAS system +- ownership matches well between systems +- you want a remote option that still feels fairly native + +It can still vary depending on how the server is configured, so it is good to test with a few real files first. + +### SMB/CIFS + +SMB is a good choice for Windows shares and Samba servers. + +Compared with other remote options, it often gives Linux a richer view of remote permissions. That makes it the most promising remote choice when those details matter. + +Still, it helps to think of SMB as "often good" rather than "guaranteed exact." + +### WebDAV + +WebDAV is very convenient and widely supported. + +It is usually best for: + +- backing up file contents +- reaching services like Nextcloud and ownCloud +- simple remote access + +It is usually **not** the best choice if you want a very exact copy of the original permission model. + +### SFTP + +SFTP is a solid option when you need secure remote access over SSH. + +It is usually good for: + +- backing up files from remote Linux servers +- simple remote access with passwords or keys +- content-focused backups + +Like WebDAV, it is usually better for file contents than for exact permission replication. + +### Rclone + +Rclone is excellent for connecting to many cloud providers. + +It is usually best for: + +- backing up data stored in cloud services +- content-focused backup jobs +- providers that are not traditional filesystems + +It is the least suitable option when you want the mounted view to behave like a normal local filesystem. + +## Best option for true replication + +If by "true replication" you mean: + +- same files +- same ownership +- same permissions +- same advanced permission rules +- restore behavior that stays very close to the original + +then the best option is still **Directory**. + +If the original data lives somewhere else, the most reliable approach is usually one of these: + +1. Run Zerobyte close to the data and back it up as a local directory there. +2. Mount the source on the host first, then bind-mount that local path into Zerobyte as a Directory volume. +3. Use remote mounted backends mainly for content backup, not for exact replication. + +## Practical advice + +1. If you mainly care about recovering files, most mounted backends are fine. +2. If you care a lot about permissions too, prefer **Directory** first. +3. After **Directory**, **NFS** is often the next best choice. +4. **SMB** can also be a good option, especially for Windows and Samba shares, but it is worth testing first. +5. Treat **WebDAV**, **SFTP**, and **rclone** as content-first backends. + + + The message here is not "avoid mounted shares." They are useful and often exactly the right choice. + + The simpler rule is: if file contents matter most, mounted shares are often great. If you want the closest possible replica of the original filesystem, a local **Directory** volume is still the best option. + diff --git a/apps/docs/content/docs/guides/restoring.mdx b/apps/docs/content/docs/guides/restoring.mdx index c94d995b..706a8d9d 100644 --- a/apps/docs/content/docs/guides/restoring.mdx +++ b/apps/docs/content/docs/guides/restoring.mdx @@ -187,7 +187,9 @@ That works well on a normal local Linux filesystem. It gets more complicated whe These destinations may let Zerobyte write file contents while still rejecting `chown`, `chmod`, timestamp, or xattr updates. -In Zerobyte today, SFTP, SMB, and WebDAV mounts pass the container process `uid` and `gid` to the mount command. If the container runs as root, those mounts can appear as `0:0` inside the container even when the remote system stores ownership differently. A backup taken from that mounted view can therefore record synthetic ownership in the snapshot. +Mounted destinations can expose translated metadata. In Zerobyte today, WebDAV and SFTP mounts still pass the container process `uid` and `gid` to the mount command, and SMB mounts still depend on what the Linux CIFS client can represent from the remote server. A backup taken from any mounted view records what Linux can see there, which may not be the remote system's full ACL model. + +For the practical implications and backend-by-backend tradeoffs, see [Mounted Shares and Permissions](/docs/guides/mounted-shares-and-acls). ## What Zerobyte can and cannot change diff --git a/apps/docs/content/docs/installation.mdx b/apps/docs/content/docs/installation.mdx index edba11d2..4f94e172 100644 --- a/apps/docs/content/docs/installation.mdx +++ b/apps/docs/content/docs/installation.mdx @@ -72,6 +72,8 @@ services: **Security Note**: The `SYS_ADMIN` capability and `/dev/fuse` device are required for mounting remote filesystems (NFS, SMB, WebDAV, SFTP). If you only need local directory backups, see the [Simplified Installation](#simplified-installation-no-remote-mounts) section below. + +Remote mounts are convenient, but they can expose translated ownership, permissions, and ACL metadata instead of the source system's original view. Read [Mounted Shares and Permissions](/docs/guides/mounted-shares-and-acls) before using mounted volumes for metadata-sensitive backups. ### 2. Configure Environment Variables @@ -218,6 +220,8 @@ services: If you need remote mount capabilities later, you can update your `docker-compose.yml` to add back the `cap_add: SYS_ADMIN` and `devices: /dev/fuse:/dev/fuse` directives. + +If your goal is the closest thing to true replication, prefer local bind-mounted directories whenever possible. See [Mounted Shares and Permissions](/docs/guides/mounted-shares-and-acls) for the practical tradeoffs. ## Mounting Local Directories