Service account not allowing to see files and folders

Set up a service account in my google Drive account.
Added the drive aPI to the user and account.

rclone -v lsd GoogleDLinux:/LINUXBACKUP

shows no files........

when I mkdir I can create a directory however can't see the directory on the web side.

I'm wondering how i can see what I've uploaded in the UI and vise versa.


Service accounts aren't automatically connected to anything. Even if you made them on your personal google account, they aren't really related to that account - aside from that account having the permissions to change or delete them. You can kind of think of them as being their own google accounts except missing a few components. They have their own email addresses ect.

So by default they will just access their own user-space on Gdrive, which is empty (not sure how much storage, if any, they have there).

In order to access your files via a SA, you have to assign them permissions to that account. If you control your own domain you can set a SA to have domain-wide access and thus be able to interact with all the account attached to that domain (see gdrive backend documentation for a guide). Outside of a domain, on a shared drive you could simply invite them to that shared drive. outside a domain on a non-shared drive ... I am not sure if there is any easy way. There may be, but if so I am not aware of the method.

Is there a better way to do this.
I have a linux box which is backing up some databases etc etc and want to rclone the backups to gDrive. I won't be logged into the linux box while things arre happening. and i'd like to be able to see them in my UI. I only have a regular gDrive account and not a domain one.


Then I don't see why a regular Oauth authentication would not work. This is not tied to a spesific machine - it is simply an authentication that is given access to a spesific users files. As long as you can at one point log in with the relevant user (from any machine) and perform the authentication - then you can use this setup (the secret keys are stored in the rclone.conf file) from anywhere. Nothing is stopping you from taking this information home and accessing the same drive that your server is using.

A second option and/or additionally you could set up the rclone remote control (RC). This allows you to remotely command rclone on some other machine without specifically logging into the system. It can also be used via the new rclone webUI both for monitoring and to perform basic actions like copying files around.

The whole mystery of the service account and how to get it to link to the UI is kind of confusing. One thread on SO suggested sharing a WebUI folder with the service account but that doesn't appear to work...

each time rclone has finished running, i have a script email the log to me.

Huh? I'm sorry I don't understand the comment

Well, as I said, authenticating an SA to a non-shared drive when you are not on a domain (or on a domain you do not have admin on) may be a problem.

But as I said previously - it doesn't seem like you would need a SA to do what you ask. If you think I am mistaken then please elaborate on why.

hi and welcome to the forum,

i run rclone on a server, which i am not often logged into.
rclone save the results of the sync to log file and when rclone is done, that logged is emailed to me.
that is how i keep track of rclone on a server i am not logged into.

That is a brilliant explanation!

As far as I know a service account on a normal google drive only ever gets to see its own stuff. You can't use impersonate with it, though I haven't tried the invite method.

Yea the fundamental problem is you have limited means to give access to another account on a normal Gdrive outside of a domain.

The best thing I can come up with is that you should be able to make a shared folder and share it with the SA's email address. That should work for letting the SA have read-access, but AFAIK you can't do any write-access like that.

I tried it and it does work for both read and write access :slight_smile:

We should probably write this up in the docs, because using a service account and --drive-root-folder-id is a nice way of narrowing down the access for a given rclone config.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.