]>
Commit | Line | Data |
---|---|---|
8cc3760e | 1 | pub mod acl; |
ba3d7e19 DM |
2 | mod cached_user_info; |
3 | pub use cached_user_info::CachedUserInfo; | |
e7d4be9d | 4 | pub mod datastore; |
21211748 | 5 | pub mod domains; |
1ce8e905 | 6 | pub mod drive; |
bbdda58b | 7 | pub mod key_config; |
aad2d162 | 8 | pub mod media_pool; |
6f422880 | 9 | pub mod network; |
6afdda88 | 10 | pub mod remote; |
a4e5a0fc | 11 | pub mod sync; |
5839c469 | 12 | pub mod tape_encryption_keys; |
e3619d41 | 13 | pub mod tape_job; |
1cb08a0a | 14 | pub mod token_shadow; |
bfd12e87 | 15 | pub mod traffic_control; |
ba3d7e19 | 16 | pub mod user; |
802189f7 | 17 | pub mod verify; |
21211748 | 18 | |
cb80ffc1 DM |
19 | mod config_version_cache; |
20 | pub use config_version_cache::ConfigVersionCache; | |
ba3d7e19 | 21 | |
21211748 | 22 | use anyhow::{format_err, Error}; |
fddb9bcc | 23 | use nix::unistd::{Gid, Group, Uid, User}; |
21211748 DM |
24 | |
25 | pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}; | |
26 | ||
27 | /// Return User info for the 'backup' user (``getpwnam_r(3)``) | |
28 | pub fn backup_user() -> Result<nix::unistd::User, Error> { | |
fddb9bcc DM |
29 | if cfg!(test) { |
30 | Ok(User::from_uid(Uid::current())?.expect("current user does not exist")) | |
31 | } else { | |
32 | User::from_name(BACKUP_USER_NAME)? | |
33 | .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME)) | |
34 | } | |
21211748 DM |
35 | } |
36 | ||
37 | /// Return Group info for the 'backup' group (``getgrnam(3)``) | |
38 | pub fn backup_group() -> Result<nix::unistd::Group, Error> { | |
fddb9bcc DM |
39 | if cfg!(test) { |
40 | Ok(Group::from_gid(Gid::current())?.expect("current group does not exist")) | |
41 | } else { | |
42 | Group::from_name(BACKUP_GROUP_NAME)? | |
43 | .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME)) | |
44 | } | |
21211748 | 45 | } |
fddb9bcc | 46 | |
ebf34e7e DC |
47 | pub struct BackupLockGuard(Option<std::fs::File>); |
48 | ||
49 | #[doc(hidden)] | |
50 | /// Note: do not use for production code, this is only intended for tests | |
51 | pub unsafe fn create_mocked_lock() -> BackupLockGuard { | |
52 | BackupLockGuard(None) | |
53 | } | |
21211748 DM |
54 | |
55 | /// Open or create a lock file owned by user "backup" and lock it. | |
56 | /// | |
57 | /// Owner/Group of the file is set to backup/backup. | |
58 | /// File mode is 0660. | |
59 | /// Default timeout is 10 seconds. | |
60 | /// | |
61 | /// Note: This method needs to be called by user "root" or "backup". | |
62 | pub fn open_backup_lockfile<P: AsRef<std::path::Path>>( | |
63 | path: P, | |
64 | timeout: Option<std::time::Duration>, | |
65 | exclusive: bool, | |
66 | ) -> Result<BackupLockGuard, Error> { | |
67 | let user = backup_user()?; | |
25877d05 | 68 | let options = proxmox_sys::fs::CreateOptions::new() |
21211748 DM |
69 | .perm(nix::sys::stat::Mode::from_bits_truncate(0o660)) |
70 | .owner(user.uid) | |
71 | .group(user.gid); | |
72 | ||
73 | let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0)); | |
74 | ||
25877d05 | 75 | let file = proxmox_sys::fs::open_file_locked(&path, timeout, exclusive, options)?; |
ebf34e7e | 76 | Ok(BackupLockGuard(Some(file))) |
21211748 DM |
77 | } |
78 | ||
79 | /// Atomically write data to file owned by "root:backup" with permission "0640" | |
80 | /// | |
81 | /// Only the superuser can write those files, but group 'backup' can read them. | |
82 | pub fn replace_backup_config<P: AsRef<std::path::Path>>( | |
83 | path: P, | |
84 | data: &[u8], | |
85 | ) -> Result<(), Error> { | |
86 | let backup_user = backup_user()?; | |
87 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); | |
88 | // set the correct owner/group/permissions while saving file | |
89 | // owner(rw) = root, group(r)= backup | |
25877d05 | 90 | let options = proxmox_sys::fs::CreateOptions::new() |
21211748 DM |
91 | .perm(mode) |
92 | .owner(nix::unistd::ROOT) | |
93 | .group(backup_user.gid); | |
94 | ||
25877d05 | 95 | proxmox_sys::fs::replace_file(path, data, options, true)?; |
21211748 DM |
96 | |
97 | Ok(()) | |
98 | } | |
99 | ||
100 | /// Atomically write data to file owned by "root:root" with permission "0600" | |
101 | /// | |
102 | /// Only the superuser can read and write those files. | |
103 | pub fn replace_secret_config<P: AsRef<std::path::Path>>( | |
104 | path: P, | |
105 | data: &[u8], | |
106 | ) -> Result<(), Error> { | |
107 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); | |
108 | // set the correct owner/group/permissions while saving file | |
109 | // owner(rw) = root, group(r)= root | |
25877d05 | 110 | let options = proxmox_sys::fs::CreateOptions::new() |
21211748 DM |
111 | .perm(mode) |
112 | .owner(nix::unistd::ROOT) | |
113 | .group(nix::unistd::Gid::from_raw(0)); | |
114 | ||
25877d05 | 115 | proxmox_sys::fs::replace_file(path, data, options, true)?; |
21211748 DM |
116 | |
117 | Ok(()) | |
118 | } |