By default, the container runs the backup script as the root user. If you wish to run the container as a non-root user, there are a few things you need to set.
You can use the built-in non-root user and group, named backuptool, with the UID and GID of 1100.
- Make sure that the rclone config file in the mounted
vaultwarden-rclone-datavolume is writable bybackuptooluser.
# enter the container
docker run --rm -it \
--mount type=volume,source=vaultwarden-rclone-data,target=/config/ \
--entrypoint=bash \
ttionya/vaultwarden-backup:latest
# modify the rclone config file owner in the container
chown -R 1100:1100 /config/
# exit the container
exit- If you want a full backup of the
rsa_key*, you need to allow thebackuptooluser to read thersa_key*.
With Docker Compose
# enter the container
docker run --rm -it \
--mount type=volume,source=vaultwarden-data,target=/bitwarden/data/ \
--entrypoint=bash \
ttionya/vaultwarden-backup:latest
# make files readable for all users in the container
chmod -R +r /bitwarden/data/
# exit the container
exitWith Automatic Backups
# enter the container
docker run --rm -it \
--volumes-from=vaultwarden \
--entrypoint=bash \
ttionya/vaultwarden-backup:latest
# make files readable for all users in the container
chmod -R +r /data/
# exit the container
exit- Start the container with proper parameters.
With Docker Compose
# docker-compose.yml
services:
backup:
image: ttionya/vaultwarden-backup:latest
user: 'backuptool:backuptool'
...With Automatic Backups
docker run -d \
...
--user backuptool:backuptool \
...
ttionya/vaultwarden-backup:latestPerform the restore normally, nothing special.