Package: backintime-qt
Version: 1.2.1-2
Severity: important
Tags: upstream

Dear Maintainer,

backing up to an ssh-mounted remote path forces the remote path's access
permissions to 0700 when initiating the backup from the GUI.

How to reproduce:

- start up backintime-qt
- set up a configuration to back up a directory to an ssh-mounted remote
directory
- check the access permissions of the remote directory (normally 0755)
- trigger a backup
- check the access permissions of the remote directory, now they are set to
0700.

It's also reproducible with an existing configuration:

- make sure the remote directory's permissions are different than 0700, for
example 0750.
- start up backintime-qt
- trigger a backup
- check the access permissions of the remote directory, now they are set to
0700.


I did some code analysis and this is what I believe causes the bug:

When started up, backintime-qt ssh-mounts the remote path by calling
MountControl.mount() in /usr/share/backintime/common/mount.py from package
backintime-common.

MountControl.mount() forces the mount point's permissions to 0700 (see details
below).

When the actual mount happens, the mount point's permissions get substituted by
the remote path's permissions.

While the remote path is still mounted, MountControl.mount() is called again
when starting a backup.

In both cases MountControl.mount() calls Mount.createMountStructure().

Mount.createMountStructure() always calls tool.mkdir(self.currentMountpoint,
0o700) in /usr/share/backintime/common/tools.py.

Function mkdir(path, mode) does a chmod to the given or a default mode if the
given path already exists!

So, when MountControl.mount() is called with an already mounted remote path,
the remote path's permissions get replaced!


Expectation:

Backintime should never alter the remote path's permissions as they may be
crafted for a specific purpose.



Please forward this issue to upstream.

There are two issues at upstream not tracked down yet, which seem to refer to
the same flaw:

https://github.com/bit-team/backintime/issues/954
https://github.com/bit-team/backintime/issues/974

Regards,
Sven



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages backintime-qt depends on:
ii  backintime-common            1.2.1-2
ii  libnotify-bin                0.7.8-1
ii  policykit-1                  0.105-26
ii  python3                      3.7.5-1
ii  python3-dbus.mainloop.pyqt5  5.12.3+dfsg-3+b1
ii  python3-pyqt5                5.12.3+dfsg-3+b1
ii  x11-utils                    7.7+4

Versions of packages backintime-qt recommends:
ii  python3-secretstorage  2.3.1-2

Versions of packages backintime-qt suggests:
pn  meld | kompare  <none>

-- no debconf information
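As an added illustration (not backintime's code and not a fix proposed in the report): a reconstruction of the mkdir() behaviour described in the analysis above, beside a variant that applies the mode only to a directory it creates itself, both run against a temporary directory standing in for the mounted remote path. The function names are hypothetical.

```python
"""Added example, not backintime's code: models the mkdir() behaviour the
report describes and a variant that leaves existing directories alone."""
import os
import stat
import tempfile


def mkdir_chmod_existing(path, mode=0o700):
    """Reconstruction of the reported behaviour (hypothetical, not the
    upstream source): create the directory, and chmod it even if it already
    exists, which is what clobbers a mounted remote path's permissions."""
    if not os.path.isdir(path):
        os.mkdir(path, mode)
    os.chmod(path, mode)          # runs on a pre-existing directory too
    return True


def mkdir_preserve_existing(path, mode=0o700):
    """Hardened variant: set the mode only on a directory we create ourselves;
    an existing (possibly mounted) path is left untouched."""
    if os.path.isdir(path):
        return False              # nothing created, permissions untouched
    os.mkdir(path)
    os.chmod(path, mode)          # explicit chmod, independent of the umask
    return True


def dir_mode(path):
    """Permission bits of path as an int, e.g. 0o750."""
    return stat.S_IMODE(os.stat(path).st_mode)


def run_scenario(mkdir_func, initial_mode=0o750):
    """Simulate the report with a constructed directory: the 'remote' path
    exists with initial_mode, then the mount helper is called on it again
    (the second MountControl.mount() call). Returns the resulting mode."""
    with tempfile.TemporaryDirectory() as base:
        mountpoint = os.path.join(base, "mountpoint")
        os.mkdir(mountpoint)
        os.chmod(mountpoint, initial_mode)
        mkdir_func(mountpoint, 0o700)
        return dir_mode(mountpoint)


if __name__ == "__main__":
    print("reported behaviour: %o" % run_scenario(mkdir_chmod_existing))
    print("preserving variant: %o" % run_scenario(mkdir_preserve_existing))
```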
