diff --git a/docs/how-tos/replace-deprecated-backup-from-snapshot.md b/docs/how-tos/replace-deprecated-backup-from-snapshot.md index 036cf403..17ff161a 100644 --- a/docs/how-tos/replace-deprecated-backup-from-snapshot.md +++ b/docs/how-tos/replace-deprecated-backup-from-snapshot.md @@ -2,7 +2,7 @@ title: Replace deprecated BACKUP_FROM_SNAPSHOT usage layout: default parent: How Tos -nav_order: 16 +nav_order: 17 --- # Replace deprecated `BACKUP_FROM_SNAPSHOT` usage diff --git a/docs/how-tos/replace-deprecated-backup-stop-container-label.md b/docs/how-tos/replace-deprecated-backup-stop-container-label.md index f8841cb3..adaa4632 100644 --- a/docs/how-tos/replace-deprecated-backup-stop-container-label.md +++ b/docs/how-tos/replace-deprecated-backup-stop-container-label.md @@ -2,7 +2,7 @@ title: Replace deprecated BACKUP_STOP_CONTAINER_LABEL setting layout: default parent: How Tos -nav_order: 19 +nav_order: 20 --- # Replace deprecated `BACKUP_STOP_CONTAINER_LABEL` setting diff --git a/docs/how-tos/replace-deprecated-exec-labels.md b/docs/how-tos/replace-deprecated-exec-labels.md index 7f7841ad..050acd39 100644 --- a/docs/how-tos/replace-deprecated-exec-labels.md +++ b/docs/how-tos/replace-deprecated-exec-labels.md @@ -2,7 +2,7 @@ title: Replace deprecated exec-pre and exec-post labels layout: default parent: How Tos -nav_order: 17 +nav_order: 18 --- # Replace deprecated `exec-pre` and `exec-post` labels diff --git a/docs/how-tos/run-rootless.md b/docs/how-tos/run-rootless.md new file mode 100644 index 00000000..1fa1a62d --- /dev/null +++ b/docs/how-tos/run-rootless.md @@ -0,0 +1,36 @@ +--- +title: Use the image as a non-root user +layout: default +parent: How Tos +nav_order: 16 +--- + +# Use the image as a non-root user + +{: .important } +Running as a non-root user limits interaction with the Docker Daemon. +If you want to stop and restart containers and services during backup, and the host's Docker daemon is running as root, you will also need to run this tool as root. + +By default, this image executes backups using the `root` user. +In case you prefer to use a different user, you can use Docker's [`user` ](https://docs.docker.com/engine/reference/run/#user) option, passing the user and group id: + +```console +docker run --rm \ + -v data:/backup/data \ + --env AWS_ACCESS_KEY_ID="" \ + --env AWS_SECRET_ACCESS_KEY="" \ + --env AWS_S3_BUCKET_NAME="" \ + --entrypoint backup \ + --user 1000:1000 \ + offen/docker-volume-backup:v2 +``` + +or in a compose file: + +```yml +services: + backup: + image: offen/docker-volume-backup:v2 + user: 1000:1000 + # further configuration omitted ... +``` diff --git a/docs/how-tos/update-deprecated-email-config.md b/docs/how-tos/update-deprecated-email-config.md index af1b2b58..132524df 100644 --- a/docs/how-tos/update-deprecated-email-config.md +++ b/docs/how-tos/update-deprecated-email-config.md @@ -2,7 +2,7 @@ title: Update deprecated email configuration layout: default parent: How Tos -nav_order: 18 +nav_order: 19 --- # Update deprecated email configuration diff --git a/docs/recipes/index.md b/docs/recipes/index.md index 5a2220c0..3b4045e9 100644 --- a/docs/recipes/index.md +++ b/docs/recipes/index.md @@ -371,3 +371,24 @@ volumes: data_1: data_2: ``` + +## Running as a non-root user + +```yml +version: '3' + +services: + # ... define other services using the `data` volume here + backup: + image: offen/docker-volume-backup:v2 + user: 1000:1000 + environment: + AWS_S3_BUCKET_NAME: backup-bucket + AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE + AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + volumes: + - data:/backup/my-app-backup:ro + +volumes: + data: +```