Is S3 "append only" possible?

Hi, I use Wasabi (S3 compatible) storage. I have some family who ask me to keep a copy of their files. Is there a way to make their computers be able to upload only?
I suppose it may involve setting my computer to do repo maintenance and creating a user in S3 for them to upload only to data folders, and upload and write where repo lock files are… I am quite new to kopia.

Why would you want to make those clients “upload-only”? Assign each client a different “user” and all they can access are their own files, even if they’re using the same repository. You can do that using these two options:

--override-username=XXX
--override-hostname=YYY

Then set appropriate retentions, so that they don’t accidentally delete their files. As far as Wasabi goes, a read-only access would be an issue with the automatic maintenance of the repo, so you probably don’t want that.

The idea is to keep them “safe from themselves”… just in case they get hacked by ransomware or something similar. The information is compromised, but at least it cannot be lost.

Well, you’re overthinking things a bit, I guess. If these family members are not savvy enough to perform their own backups, they’re clearly not savvy enough to mess around with the S3 repo/bucket themselves.

Just keep a good retention on the repo and you should be good to go. restic will need at least some write access to the bucket and you’d want restic to be able to do some pruning as well, which will involve deleting old or unused objects at some time.

It’s probably better to keep them away from the bucket by setting up a rest-server, where their clients will connect to and have the rest-server handle the S3 repo. This way they’re totally oblivious to your S3 bucket.

I was reading how to create a rest server, is there any manual? I am interested in how to make it work with systemd, and if fail2ban can be configured to mitigate brute force attacks.

Thanks

https://kopia.io/docs/repository-server/ has instructions for setting up kopia server. Keep in mind that the user experience is not final and will be improved in future versions.

ok, thanks. I keep checking backup solutions now and then. Right now using kopia, restic, borg and duplicati; all of them with good and bad things, depending on the environment.

It seems to me that users still have to upload 100% of their content initially even if that content is already present in kopia-server’s storage since users can’t access other users’ indices. Is this correct?

This is an optimization that could be added, but as of now the first upload of a given directory without prior history will send the entire content to the Kopia server.