Owner and group ids of some files in ~/.local/share/containers/

Hi,
I am regularly backing up my home dir to several external drives using rsync (backintime and deja-dup). In the logs I noticed that some files couldn’t be backed up because my user is not the owner of the files.

For example:

~/.local/share/containers/storage/overlay/538a0a4e94c5199eb266a4ba91093c91e0b151b1cb87f3b68987ffdacb69f1da
~/.local/share/containers/storage/overlay/cc7c83d09df01831b1b7f28a4e0571a2cbb9fdbf74b070af68d6863600c91ccf/diff/var/cache/apt/archives/partial
~/.local/share/containers/storage/overlay/f55da1c41127d3a4e2b2c47fbe4cb939a24a60607ea26adc2f6558eabe3dd4c5/diff/var/cache/apt/archives/partial

or

[E] Error: rsync: [sender] opendir "~/.local/share/containers/storage/overlay-containers/71ce4d902ec46505eb41b1eb3e7c0a22f031ce7dbad46a6c32eea0687bdb87e2/userdata" failed: Permission denied (13)

The files are owned by uid user#100000 and gid 100000. That explains why my user doesn’t have access, but I would like to understand why certain files in ~/.local/share/containers/ belong to another user and group, and how I could find out what those overlays and overlay-containers actually are.

I am not too worried about some files not being backed up - I just want to understand what’s going on here. (Maybe I want those files backed up.)

Thanks!

~/.local/share/containers/ is where your podman containers are stored. If you don’t use podman directly, you might also be using it through toolbox. Usually, you would not want to include them with your normal home dir backup, since containers can be easily recreated (of course, if you generate data in containers, you should have a way to get them out and back them up separately).

The different UIDs are how rootless podman works.

2 Likes

When a container shares a filesystem with a host, file permissions are mapped transparently, but UIDs and GIDs are different; see:

man subuid subgid

Some files can have restrictive permissions to allow access only to matching subordinate UIDs and GIDs inside the container.
However, subordinate UIDs and GIDs are different from your UID and GID on the host; that’s why you cannot access files with restrictive permissions.
You can overcome filesystem restrictions by launching the sync application with elevated privileges.

1 Like
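
The UID mapping described in the replies above, as an added example that is not part of the original thread. It assumes a hypothetical user `alice` (UID 1000), constructed /etc/subuid contents, and the default rootless podman layout (container UID 0 is your own UID, container UIDs from 1 upward come from your subordinate range).

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not from the poster's system.

# Constructed /etc/subuid contents (format: name-or-uid:start:count).
SAMPLE_SUBUID='alice:100000:65536
bob:165536:65536'

# Build the default rootless uid_map for one user, in the three-column
# format of /proc/<pid>/uid_map: "inside-uid outside-uid length".
# Args: user name, host UID, subuid file contents.
build_uid_map() {
    printf '%s\n' "$3" | awk -F: -v user="$1" -v uid="$2" '
        BEGIN { print 0, uid, 1; next_inside = 1 }
        $1 == user || $1 == uid {
            print next_inside, $2, $3
            next_inside += $3
        }'
}

# Translate a host UID (what ls and rsync see under ~/.local/share/containers)
# into the UID the same file has inside the container.
# Args: host UID, uid_map text. Prints "unmapped" and returns 1 if the
# host UID is outside every range in the map.
host_to_container_uid() {
    printf '%s\n' "$2" | awk -v h="$1" '
        NF == 3 && h >= $2 && h < $2 + $3 {
            print $1 + (h - $2); found = 1; exit
        }
        END { if (!found) { print "unmapped"; exit 1 } }'
}

# Demo: the host UID 100000 from the question, under the assumed mapping.
MAP=$(build_uid_map alice 1000 "$SAMPLE_SUBUID")
echo "uid_map for alice:"
echo "$MAP"
echo "host uid 100000 -> container uid $(host_to_container_uid 100000 "$MAP")"
```

On a real system, `podman unshare cat /proc/self/uid_map` prints the live table in the same three-column format, and `podman unshare ls -ln <path>` lists files with the owners they have inside the container.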