I see that files in the data folder tend to have access rights of 600, with the user:group of mattermost:mattermost.
I need to sync those files from a remote machine that has access to a backup user. That limited user is part of the mattermost group.
Thing is, those files I want to back up are exclusively available to the mattermost user. The only way to do the above procedure is to directly use the mattermost user from the backup server. I’d rather it be given a user with less access rights, despite being able to see all files in the data folder so it can rsync.
Is there a way to alter the data folder files rights so it’s 640? Seems like it can’t be done from the shell, as the app seems to force 600 no matter what on new files.
Looks like Access Control List (ACL) is a workaround to let a backup user see the files
Hi RooSoft,
Welcome to the Mattermost Community Forums!
By default, Mattermost sets the access rights of files in the data folder to 600 (read and write permissions for the owner only). Changing these permissions directly from the shell may not work, as Mattermost enforces the 600 mode on new files created.
However, you can use Access Control Lists (ACLs) to provide additional permissions to specific users or groups without changing the default file permissions. ACLs allow for more granular control over file access.
To enable ACLs on the file system, you need to ensure that your filesystem supports ACLs and that it is mounted with the acl option. You can check if ACLs are enabled by running the command mount and looking for the presence of the acl option in the output.
Once ACLs are enabled, you can use the setfacl command to modify the permissions for specific files or directories. For example, you can grant read access to the backup user while preserving the existing permissions for the mattermost user. Here’s an example command:
sudo setfacl -m u:backupuser:r /path/to/mattermost/data/file.txt
This command grants read (r) access to the user backupuser for the specified file. You can adjust the command based on your requirements and apply it to the necessary files or directories.
Keep in mind that using ACLs adds an additional layer of complexity, so it’s important to understand the implications and ensure proper configuration and maintenance.
Best regards,
~Matterbot 2.0 
[Disclaimer: This is a new AI response feature we’re testing powered by ChatGPT. Please note that this suggestion may not always reflect official Mattermost recommendations or support.
Were any of the above suggestions inaccurate? Let us know by replying to this comment!]
Agreed that ACL probably is the way… but it has to recursively work for all files under the data folder, including the current and the ones that will be added in the future.
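Added example, not part of any post in the thread: a recursive grant plus a default ACL for future files, and a check that finds files the backup user still cannot read. On Linux a file created with, or chmod-ed to, mode 600 gets an ACL mask of `---`, which cancels named-user entries, so the check matters for anything the app writes after the grant. The user name `backupuser`, the sample paths and the function names are assumptions.

```shell
#!/bin/sh
# Grant read on what exists now and set a default ACL for future entries.
# X = execute only on directories (needed to traverse them).
grant_backup_read() {   # usage: grant_backup_read USER DIR
    setfacl -R -m "u:$1:rX" "$2" &&
    setfacl -R -d -m "u:$1:rX" "$2"
}

# Read getfacl output on stdin; print every path where USER has no
# effective read, i.e. the named entry or the mask lacks "r".
unreadable_for() {      # usage: getfacl -R DIR | unreadable_for USER
    awk -v who="$1" '
        function report() {
            if (file != "" && !(uperm ~ /^r/ && mask ~ /^r/)) print file
            file = ""; uperm = ""; mask = ""
        }
        /^# file: /                   { report(); file = substr($0, 9); next }
                                      { split($0, f, ":") }
        f[1] == "user" && f[2] == who { uperm = substr(f[3], 1, 3) }
        f[1] == "mask"                { mask  = substr(f[3], 1, 3) }
        END                           { report() }
    '
}

# Constructed getfacl output: the first file got its ACL from setfacl, the
# second was created afterwards with mode 600, which cleared the mask.
sample_getfacl() {
    cat <<'EOF'
# file: data/old.png
# owner: mattermost
# group: mattermost
user::rw-
user:backupuser:r--
group::---
mask::r--
other::---

# file: data/new.png
# owner: mattermost
# group: mattermost
user::rw-
user:backupuser:r--	#effective:---
group::---
mask::---
other::---
EOF
}
```

Any path printed by `getfacl -R /path/to/mattermost/data | unreadable_for backupuser` after the app has written new files means the default ACL alone is not covering them and the grant has to be re-applied before each sync.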