Permissions - Kaiede/docker-minecraft-bedrock-backup GitHub Wiki

Permissions in simple cases can be handled automatically, but in many cases, there is a need for users to configure the permissions manually.

The service uses a tool called entrypoint-demoter to avoid running the service as root. By default it will automatically demote the service to the user and group that owns your backups directory.

In many cases you can use a regular user that has been added to the docker group (ex. me:docker). This is how I setup my own servers. It makes things easier when you want to restore backups or otherwise manage the backups manually, as you can do it as a non-root user.

In cases where you need to override the user and group that is picked for you by entrypoint-demoter. The user must be part of the docker group, or otherwise have access to attach to the server containers. This also will have problems when running Docker rootless. To do the override, set the UID and GID environment variables in your docker-compose.yml file.

In the config.yml, there is a feature that allows you to override the user, group, and permissions for the backups. It is only recommended to do this if you absolutely must, such as running it on a NAS device that requires specific ownership and permissions. Trimming may break if the tool loses write access to the backup files when using this functionality. Use with caution.

Using chown requires running the service as root which is not recommended!

ownership:
  chown: <uid>:<gid>
  permissions: 644