KOPIA server: SERVER_CONTROL_USER

Hi,

What is this user for: SERVER_CONTROL_USER ?

A test server:

repo=/path/2/repo/dir
kopia repository create filesystem --path=${repo}

export KOPIA_SERVER_CONTROL_USER='control-sever'
export KOPIA_SERVER_CONTROL_PASSWORD='SuperP@5w0rd'

kopia server start \
  --ui \
  --tls-cert-file "${repo}/srv.cert" \
  --tls-key-file "${repo}/srv.key" \
  --address 0.0.0.0:51515 \
  --async-repo-connect

It accepted the credentials and allowed me to bypass basic HTTP authentication as SERVER_CONTROL_USER, but all I got was:

UI Access denied. See https://github.com/kopia/kopia/issues/880#issuecomment-798421751 for more information.

But this link relates more to KOPIA_SERVER_USERNAME, which works fine and allows me to see the web UI, the same as with KopiaUI. I understand that KOPIA_SERVER_USERNAME is a client of a particular repository instance and can be used in the same way as KopiaUI with a given local repository, but what is SERVER_CONTROL_USER for?

BTW, the option --allow-repository-users mentioned in issue #880 is unknown in the recent 0.10.6 version of kopia, and it isn’t present in any source files either. As a result, an attempt to log in as a registered repository user (created with kopia server user add xxx@zzz) to the server instance directly (not from a remote machine that is to be backed up to kopia’s repository server) failed too and returned the link to issue #880.

This user is for control operations. It’s primarily used by KopiaUI but can also be used for triggering snapshots:

Here’s the current list of APIs that require this user:


Thank you very much for the response, as well as for kopia!

I’ve been trying to make “kopia server status” work by setting those variables at server launch (kopia repository server with local dir as backend) and in the client but no luck:

$ kopia server status 
kopia: error: unable to list sources: 400 Bad Request, try --help

Any idea what I’m missing?

You should run it something like this:

# --server-cert-fingerprint takes the SHA2 hash that was generated on certificate creation
kopia server status --remote \
  --address https://8.8.8.8:51515 \
  --server-cert-fingerprint=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
  --server-control-username=your-ctrl-user \
  --server-password=and-here-his-passwd
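
An added example, not part of the thread and not Kopia's own code: one way to derive the --server-cert-fingerprint value for the command above from the server's certificate file with openssl, so the client pins the certificate the server was actually started with. It assumes Kopia expects the certificate's SHA-256 digest as colon-free hex; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compute the value for --server-cert-fingerprint from the
# certificate file passed to "kopia server start --tls-cert-file".

# Turn openssl's "sha256 Fingerprint=AB:CD:..." line (some builds print
# "SHA256 Fingerprint=...") into bare lowercase hex without colons.
normalize_fingerprint() {
  printf '%s\n' "$1" | sed -e 's/^[^=]*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Print the SHA-256 fingerprint of a PEM certificate. Fails if openssl
# cannot read the file or the result is not exactly 64 hex characters.
cert_fingerprint() {
  line=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
  fp=$(normalize_fingerprint "$line")
  case "$fp" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#fp}" -eq 64 ] || return 1
  printf '%s\n' "$fp"
}

# Query a remote server as the control user, using the flags from the thread.
# $1 = server address, $2 = certificate file, $3 = control user, $4 = password
# Note: the password is passed in argv, which other local users can see.
remote_status() {
  fp=$(cert_fingerprint "$2") || {
    echo "cannot compute fingerprint of $2" >&2
    return 1
  }
  kopia server status --remote \
    --address "$1" \
    --server-cert-fingerprint="$fp" \
    --server-control-username="$3" \
    --server-password="$4"
}
```

With the test server from the first post this would be called as `remote_status https://HOST:51515 "${repo}/srv.cert" "$KOPIA_SERVER_CONTROL_USER" "$KOPIA_SERVER_CONTROL_PASSWORD"`, where HOST is a placeholder for the server's address.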