Using rclone with google service accts - reauthorization still required?

What is the problem you are having with rclone?

Hi -

I am trying to use Rclone from an unmanned shelf-mounted Linux platform, using a Google Drive remote. Since human interaction with the system is rare, reauthorization is problematic. There is a webserver on the unit that can provide a UI for what limited interaction is available, but there is no monitor and no web browser. The description of Google service accounts sounds ideal for this situation, but I am uncertain that this will actually solve my problem, since I still have to reference the parent Google drive to do anything useful. My configuration of the remote side (Google) is like this:

```
Google Drive (Google)            Service Account (gdrive)
   |                                   |
   +--"shared" (folder) <--------------+ ('Editor' permissions for my-service-acct@uuid.iam.gserviceaccount.com)
```

This was the only way that I could find that allows me to monitor usage, avoid the 15G service acct limit, and easily share my uploaded data.

On the surface, this seems like it will work well; however, the only way I can actually make use of this from my system is to use commands like:

    rclone -v --drive-impersonate my-service-acct@uuid.iam.gserviceaccount.com copy my-file Google:shared

in which the command references the main 'Google' acct drive. This means that Rclone refers to and uses the main account's access/refresh token (to authorize its use of the main account). I have verified this is the case by removing the 'token' field from the rclone.conf file, leaving only the client_id & client_secret, which causes Rclone commands to fail. My fear is that this means I am right back where I started, in which case my system may at some point have to reauthorize for access to the main account. Is this correct? Is there any way around this?

Follow up question - if this situation is unavoidable, is there a way (programmatic via command return code or similar) to recognize that reauthorization is needed, so that the condition could be flagged and an administrator can be notified to fix the problem?

Thanks in advance.

Run the command 'rclone version' and share the full output of the command.

rclone v1.61.0-DEV

  • os/version: buildroot 2020.02.3 (64 bit)
  • os/kernel: 5.10.0 (aarch64)
  • os/type: linux
  • os/arch: arm64
  • go/version: go1.19.3
  • go/linking: static
  • go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Drive
with a Service Acct

The command you were trying to run (eg rclone copy /tmp remote:tmp)

Any command that references the parent acct drive

The rclone config contents with secrets removed.

```
[Google]
type = drive
client_id = 123ABC456.apps.googleusercontent.com
client_secret = theClientSecret
scope = drive
team_drive =
token = {"access_token":"theAccessToken","token_type":"Bearer","refresh_token":"theRefreshToken","expiry":"2023-01-18T19:15:08.360804721Z"}

[gdrive]
type = drive
scope = drive
service_account_file = /root/.config/rclone/service-acct-uuid.json
team_drive =
```

A log from the command with the -vv flag

Commands are not failing.  

I think you've found the correct workaround - using a shared folder which you give the service account access to.

However you need to use the --drive-shared-with-me flag (or the equivalent config parameter) and the gdrive: remote to access it to be using the service account.

Many thanks!
This was the missing piece of my puzzle.
I have verified that adding --drive-shared-with-me to the commands or shared-with-me to the service acct config entry allows me to access the 'shared' folder referencing only the 'gdrive' service account.
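
A check for the setup this thread arrives at, added here as an example and not code from the posters or from rclone: it parses an rclone.conf and reports which drive remotes still hold a user OAuth token or client secret, and whether a service account remote has `shared_with_me` set. The function name `audit_remotes` and the sample config (the post's two remotes, with `shared_with_me = true` added to `gdrive`) are constructed for illustration; `shared_with_me` is taken to be the config-file form of `--drive-shared-with-me`.

```python
import configparser
import json

# Constructed sample: the two remotes from the post, with shared_with_me
# added to the service-account remote as the reply describes.
SAMPLE_CONF = """
[Google]
type = drive
client_id = 123ABC456.apps.googleusercontent.com
client_secret = theClientSecret
scope = drive
team_drive =
token = {"access_token":"theAccessToken","token_type":"Bearer","refresh_token":"theRefreshToken","expiry":"2023-01-18T19:15:08.360804721Z"}

[gdrive]
type = drive
scope = drive
service_account_file = /root/.config/rclone/service-acct-uuid.json
shared_with_me = true
"""

def audit_remotes(conf_text):
    """Return {remote: [findings]} for every drive remote in an rclone.conf."""
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(conf_text)
    report = {}
    for name in cp.sections():
        sec = cp[name]
        if sec.get("type") != "drive":
            continue
        findings = []
        token = sec.get("token", "").strip()
        try:
            parsed = json.loads(token) if token else {}
        except ValueError:
            parsed = None
        if not isinstance(parsed, dict):
            findings.append("token field is not a JSON object")
        elif parsed.get("refresh_token"):
            findings.append("stores a user OAuth refresh token")
        if sec.get("client_secret", "").strip():
            findings.append("stores an OAuth client_secret")
        if sec.get("service_account_file", "").strip():
            if sec.get("shared_with_me", "").strip().lower() not in ("true", "1"):
                findings.append("service account remote without shared_with_me")
        elif not token:
            findings.append("no credentials configured")
        report[name] = findings
    return report
```

An empty findings list for `gdrive` and no remaining `Google` section is the state in which the unattended unit depends only on the service account key file.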
