From f000f41c91a8acc19d1619909a78684daadf3cbf Mon Sep 17 00:00:00 2001 From: rawtaz Date: Sun, 7 Mar 2021 15:57:30 +0100 Subject: [PATCH] doc: Clarify setcap applying only to current binary --- doc/080_examples.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/080_examples.rst b/doc/080_examples.rst index 0f2f2441f..cc3328741 100644 --- a/doc/080_examples.rst +++ b/doc/080_examples.rst @@ -338,6 +338,13 @@ attribute, interpret it and assign capabilities accordingly. root@a3e580b6369d:/# setcap cap_dac_read_search=+ep ~restic/bin/restic +.. important:: The capabilities of the ``setcap`` command only applies to this + specific copy of the restic binary. If you run ``restic self-update`` or + in any other way replace or update the binary, the capabilities you added + above will not be in effect for the new binary. To mitigate this, simply + run the ``setcap`` command again, to make sure that the new binary has the + same and intended capabilities. + From now on the user ``restic`` can run restic to backup the whole system.