For an introduction to permissions on Linux in general, Digital Ocean has an
excellent article on this.
Overview
Jottacloud CLI consists of two parts, the CLI and a daemon. The daemon is called
jottad. jottad is the component that will read/write your uploads and
downloads, communicate with Jottacloud and do authentication.
By default when installing jotta-cli on RPM- and DEB-based distributions, the
daemon jottad will be run as both a user and group named jottad.
Because this daemon is running as this created user, jottad will not have
access to any files without world read or write permissions.
One solution to this is to open up the permissions for the files and folders you
want to back up to be world read- and writeable. This is not recommended.
A better solution is to make sure only jottad has read and write access to these files.
You can achieve this by using groups.
Using groups can be done in two different ways:
1. Adding your user to the group jottad and changing group owner to jottad
   Benefit: jottad only having access to what you want to back up
   Disadvantage: having to change groups every time you want to back up something new
2. Running jottad as your own user-group
   Benefit: jottad having access to all your files
   Disadvantage: jottad having access to all your files
First solution
Add your user to the jottad group:
usermod -a -G jottad <username>
For every folder you want to back up, change group owner to jottad:
chgrp jottad /home/<username>/folder_to_backup
You may also need to adjust the permissions of the folder:
chmod g+w /home/<username>/folder_to_backup
$ jotta-cli add /home/<username>/folder_to_backup
ERROR: stat /home/<username>/folder_to_backup: permission denied.
$ chgrp jottad /home/<username>/folder_to_backup
$ jotta-cli add /home/<username>/folder_to_backup
OK
Second solution
What to do here depends on what kind of init-system your OS is using.
upstart:
Open /etc/init/jottad and set setgid to your group name and change umask to 002 (if your file does not contain setgid, edit the line chroot --userspec jottad:jottad instead, changing the second jottad to your group: chroot --userspec jottad:<group>).
Restart jottad with the command restart jottad.
sysvinit:
Open /etc/init.d/jottad and edit the line group="jottad" to your group.
Add umask=002 after the line nice="".
Restart jottad with the command /etc/init.d/jottad restart.
systemd:
Add an override for the systemd service using systemctl edit jottad and enter the following (substituting <group> with your group name):
[Service]
Group=<group>
UMask=0002
Reload the systemd unit files with the command systemctl daemon-reload.
Restart jottad with the command systemctl restart jottad.
Please note that with systemd, user-group inheritance does not necessarily work the way it does in a shell. Make sure that the group you are running the service as is the actual group owner of the directories you want to back up. Alternatively, consider using SupplementaryGroups.
Making sure the group can access folders and files
Using the solutions above will result in jottad being able to read, write and execute files owned by the selected group, but the files and folders themselves will still have to be group readable, writeable and executable. All folders will need the read and execute permissions to enter and list contents, and all files should have a minimum of read permission. To understand more about how permissions work on Linux, refer to the Digital Ocean article mentioned above.
Example: set recommended permissions for a backup folder
$ # Find all folders in the folder to backup and make them executable by the group
$ find /home/<username>/folder_to_backup -type d -exec chmod g+x {} \;
$ # Set all files and folders to group readable
$ chmod -R g+r /home/<username>/folder_to_backup
NB: All parent folders of the folder you add to the backup will also need read and execute permission. For the example above this would be /home and /home/<username>.
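A read-only check of the requirements above, as an added example that is not part of Jottacloud's documentation or tooling: it reports parent folders and folders lacking group read and execute, and files lacking group read, without changing anything. The function names (lacking, list_problems, audit_backup_path) are made up for this example; it assumes GNU find and that the daemon is not the owner of the files, so the group bits apply when the group owner matches and the "other" bits apply otherwise.

```shell
#!/bin/sh
# Added example (not Jottacloud code). Read-only audit: inspects mode bits and
# group ownership only. Assumes the daemon user does not own the files.

# lacking GROUP PERMS FIND_ARGS...
# Prints entries where the permission class that applies to GROUP is missing
# PERMS: the group bits if the entry's group owner is GROUP, otherwise the
# "other" bits (the kernel never falls back from group bits to other bits).
lacking() {
    g=$1 perms=$2
    shift 2
    find "$@" \( \( -group "$g" ! -perm -g="$perms" \) -o \
                 \( ! -group "$g" ! -perm -o="$perms" \) \) -print
}

# list_problems GROUP TARGET: one line per entry that would block the backup.
list_problems() {
    group=$1 target=$2
    case $target in /*) ;; *) target=$PWD/$target ;; esac
    # Every parent folder, e.g. /home and /home/<username>.
    dir=$(dirname "$target")
    while :; do
        lacking "$group" rx "$dir" -maxdepth 0 | sed 's/^/parent needs r-x: /'
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    # Folders need read and execute, files need read. Symlinks are skipped.
    lacking "$group" rx "$target" -type d | sed 's/^/folder needs r-x: /'
    lacking "$group" r "$target" -type f | sed 's/^/file needs r: /'
}

# audit_backup_path GROUP TARGET: returns 0 when nothing is reported.
audit_backup_path() {
    problems=$(list_problems "$1" "$2")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}
```

With the functions loaded, audit_backup_path jottad /home/<username>/folder_to_backup prints one line per blocking entry and returns non-zero if there is any, which makes it usable before jotta-cli add or after changing the service group.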