Problem:
I like to have Kopia backup everything on /, and I don’t like having permission denied errors.
Solution?
Linux Capabilities!
New Problem:
Linux Capabilities will break upon upgrading Kopia.
Solution?
Pacman Post Transaction Hook!
sudo nano /etc/pacman.d/hooks/kopia-post.hook
[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = *
[Action]
Description = Set Capacity to Kopia to allow non-root backup permissions
When = PostTransaction
Exec = /usr/bin/setcap cap_dac_read_search=+ep /usr/bin/kopia
You’ll want Kopia to only be upgraded by your package manager, or you’ll break capabilities again.
sudo rm /root/.config/kopia/repository.config.update-info.json
I hope this is helpful to someone out there, and I hope others can port it to all the other distros/BSD/macOS/Windows and their respective package managers.
You can also do the same thing with Monit; then it won’t matter how you update Kopia, just that the path stays the same. Monit can perform various checks and take action or send alerts. With some extra scripts it can check and set capabilities. I used this on Node-Red for a time.
Check configuration in monitrc
Works as: if /opt/scripts/monit-node-getcap.sh returns a non-zero exit status, execute /opt/scripts/monit-node-setcap.sh
check program nodered-capabilities with path /opt/scripts/monit-node-getcap.sh
if status != 0 then exec /opt/scripts/monit-node-setcap.sh
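The thread does not show the check script itself, so here is one way a Kopia version of it could look. This is an added example, not code from either poster; the `check` argument and the function names are assumptions, and the binary path and capability are taken from the hook above. It accepts both getcap output styles (older libcap releases print `path = cap+ep`, newer ones print `path cap=ep`) and only passes when the capability carries both the effective and permitted flags.

```shell
#!/bin/sh
# Added example: exits 0 only if Kopia still carries the file capability
# that the pacman hook sets, so a monitor can re-apply it when it is lost.
KOPIA_BIN=/usr/bin/kopia            # path from the hook above
REQUIRED_CAP=cap_dac_read_search    # capability from the hook above

# has_file_cap GETCAP_LINE PATH CAP
# Returns 0 if CAP appears in GETCAP_LINE with both e and p flags, else 1.
has_file_cap() {
    spec=${1#"$2"}          # drop the leading file path
    spec=${spec#" "}        # drop the separating space
    spec=${spec#"= "}       # older getcap prints "path = caps"
    for clause in $spec; do
        names=${clause%%[=+]*}      # e.g. "cap_a,cap_b"
        flags=${clause#"$names"}    # e.g. "=ep" or "+eip"
        # Wrap in commas so cap_dac_read cannot match cap_dac_read_search.
        case ",$names," in *",$3,"*) ;; *) continue ;; esac
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *p*) return 0 ;; esac
    done
    return 1                # empty output (no capabilities) also lands here
}

# Returns 0 if set, 1 if missing, 2 if getcap itself failed.
check_kopia_cap() {
    line=$(getcap "$KOPIA_BIN" 2>/dev/null) || return 2
    has_file_cap "$line" "$KOPIA_BIN" "$REQUIRED_CAP"
}

# Run the check only when invoked with the (assumed) "check" argument,
# so the functions can also be sourced and tested on their own.
if [ "${1:-}" = "check" ]; then
    check_kopia_cap
    exit $?
fi
```

The matching fix-up script would run the same `setcap` command as the hook's `Exec` line.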