Now I feel a bit more justified for over-engineering my automatic restic backup to not run as root, but to instead use "capabilities" to read files it doesn't own.
Namely, CAP_DAC_READ_SEARCH [0] and related systemd settings. The only problem is that it inhibits using a convenience/wrapper script.
[0] https://www.man7.org/linux/man-pages/man7/capabilities.7.htm...
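A systemd unit along the lines the comment describes, as an added example that is not the commenter's own configuration. The `restic` user, the backed-up paths and the `/etc/restic/env` file (assumed to set `RESTIC_REPOSITORY` and `RESTIC_PASSWORD_FILE` for a remote repository) are assumptions.

```ini
# /etc/systemd/system/restic-backup.service
# Constructed example: user name, paths and env file are assumptions.
[Unit]
Description=restic backup as an unprivileged user

[Service]
Type=oneshot
User=restic
Group=restic

# Grant only the capability that bypasses file read and directory
# search permission checks. It allows reading any file on the system
# (including secrets such as /etc/shadow) but grants no write access.
AmbientCapabilities=CAP_DAC_READ_SEARCH
# Upper bound on capabilities for this process and everything it executes.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
# Block privilege gain through setuid binaries or file capabilities.
NoNewPrivileges=yes

# Filesystem is read-only for the service, apart from its cache directory.
ProtectSystem=strict
ProtectHome=read-only
PrivateTmp=yes
# systemd creates /var/cache/restic, owned by User=, and keeps it writable.
CacheDirectory=restic
Environment=RESTIC_CACHE_DIR=/var/cache/restic

# Assumed to define RESTIC_REPOSITORY and RESTIC_PASSWORD_FILE.
EnvironmentFile=/etc/restic/env
ExecStart=/usr/bin/restic backup --one-file-system /etc /home
```

Once the unit has run, `grep Cap /proc/<pid>/status` for a running instance, or `systemctl show restic-backup.service -p AmbientCapabilities -p CapabilityBoundingSet`, confirms that only the one capability is set.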