Security

Directory permissions when creating backups

Note

This section is intended for advanced users or system administrators who want detailed information. In typical setups, no action or changes are necessary.

New backup directories created by Back In Time automatically receive their permissions (through rsync) according to the current umask of the system or the user running the program. Depending on this umask, directories may be created with permissions such as 0775 (read, write and execute access for owner and group; read and execute access for others).

However, the permissions of the parent directory also apply. In most cases, backups are stored inside a user’s home directory, which is not accessible to others by default. This means that even if the backup directory itself appears open, other users usually cannot enter it.

If stronger isolation is desired, a more restrictive umask can be set before starting Back In Time, for example 0750 (read, write and execute access for owner; read and execute access for group; no permissions for others). Alternatively, permissions can be adjusted manually after creation, or the parent directory can be secured accordingly.

Effective directory permissions therefore depend on the umask and on the configuration of the parent directories.