Server+S3. User see all repos

Long ago I started a common repo for all my family computers using S3. Now I want to make it more secure, so I installed kopia in my home server, and plan to use it in computers; but after adding my server (using token) to my laptop, it still see all hosts. I found Authenticated server user can see all other users’ snapshots via web interface and don’t know if it is related (couldn’t find github issue).

It is a bug or I misconfigured something?

Thanks

I have just seen I use kopia 0.7.3; and documentation is about kopia 0.8.0. I will wait for 0.8.0 to be stable and check again.

I wonder how you managed to run a repo on a S3 bucket with multiple hosts, where each host could only see its own snapshots, in the first place, since you had to give the repo password to each host, to be able to decrypt the repo.

You can, however, achieve this with your local Kopia server, easily, since Kopia’s API do support repo users, which have their own password. So only the Kopia server would have the repo password and handle all Kopia client requests on behalf of those clients. This has been the same for 0.7.x and 0.8.x and I really don’t know, if this would be easy to change, since this would mean to introduce some fundamental changes to the repo.

E.g. if you wanted to have “repo users” over the Web, there would have to be several keys to manage, whereas the blobs themselves share the same encryption key, but the fragments, which are describing each client’s snapshots would be have to be enrypted with the respective key of that repo user.

This is probably not impossible, but at least more complex. I wouldn’t hold my beath, waiting for it. :wink:

Following the slides [Kopia Deployment Scenarios - Google Slides] it started like slide 3 (single user, 2 computers) then I added some family members with whom I share lots of multimedia files and become sliede 4 (multiple computers and users, all of them full access). All the other users trust me, but I don’t trust their computer habilities, so I want to make it like slide 5.
I already have a server, running kopia with systemd; but when I added the server as a repo to my laptop, opening the ui showed access to all hosts.
I don’t know if I missed some options when setting the server, or some changes need to be made to repo

I tried again adding a new user using a “fake” client-hostname, and it appear to work, so maybe the problem was that my firts user has access to all the repos (admin user?); or maybe that using the token ( $ kopia repository status -t -s) got access to all computers.

I will make more tests…

There’s a difference, if you connect via plain HTML or via a kopia client. I think, what you get with the token is the “master access”. Also note, that accessing via the WEB UI is currently only possible for WEB-UI user. You can define one of the repo users to have that role, but you cannot distinct between different users this way.

So, the Kopia app will handle this for you on your client, but this doesn’t work via the WEB UI.

The problem was making all tests using web-ui. Using the gui it works ok.

The problem is that any user works ok with GUI, but using WEB-UI can access all users files.

After reading something about ACL and kopia 8, it may solve my problems; is beta4 “safe” to use? or is there any estimated time for stable release?

Thanks

Well… no. Kopia ACLs work when connecting through Kopia Server, where you connect using a dedicated user/password combo for each user. ACLs can then make sure, that you can only access specific snapshots. This doesn’t work with a S3-based repo, since you’ll always have to provide the repo “master” password. No user password will get you access to the repo itself.

Regarding the stability of beta4 - I am running it every day and didn’t had any issues with it.

After some checking, now it all appear to work as expected.

Thanks!