]> git.proxmox.com Git - proxmox-backup.git/blob - pbs-config/src/lib.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
move verify.rs to pbs_config workspace
[proxmox-backup.git] / pbs-config / src / lib.rs
1 pub mod domains;
2 pub mod drive;
3 pub mod key_config;
4 pub mod media_pool;
5 pub mod remote;
6 pub mod sync;
7 pub mod tape_encryption_keys;
8 pub mod tape_job;
9 pub mod verify;
10
11 use anyhow::{format_err, Error};
12
13 pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
14
15 /// Return User info for the 'backup' user (``getpwnam_r(3)``)
16 pub fn backup_user() -> Result<nix::unistd::User, Error> {
17 pbs_tools::sys::query_user(BACKUP_USER_NAME)?
18 .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
19 }
20
21 /// Return Group info for the 'backup' group (``getgrnam(3)``)
22 pub fn backup_group() -> Result<nix::unistd::Group, Error> {
23 pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
24 .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
25 }
26 pub struct BackupLockGuard(Option<std::fs::File>);
27
28 #[doc(hidden)]
29 /// Note: do not use for production code, this is only intended for tests
30 pub unsafe fn create_mocked_lock() -> BackupLockGuard {
31 BackupLockGuard(None)
32 }
33
34 /// Open or create a lock file owned by user "backup" and lock it.
35 ///
36 /// Owner/Group of the file is set to backup/backup.
37 /// File mode is 0660.
38 /// Default timeout is 10 seconds.
39 ///
40 /// Note: This method needs to be called by user "root" or "backup".
41 pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
42 path: P,
43 timeout: Option<std::time::Duration>,
44 exclusive: bool,
45 ) -> Result<BackupLockGuard, Error> {
46 let user = backup_user()?;
47 let options = proxmox::tools::fs::CreateOptions::new()
48 .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
49 .owner(user.uid)
50 .group(user.gid);
51
52 let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
53
54 let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
55 Ok(BackupLockGuard(Some(file)))
56 }
57
58 /// Atomically write data to file owned by "root:backup" with permission "0640"
59 ///
60 /// Only the superuser can write those files, but group 'backup' can read them.
61 pub fn replace_backup_config<P: AsRef<std::path::Path>>(
62 path: P,
63 data: &[u8],
64 ) -> Result<(), Error> {
65 let backup_user = backup_user()?;
66 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
67 // set the correct owner/group/permissions while saving file
68 // owner(rw) = root, group(r)= backup
69 let options = proxmox::tools::fs::CreateOptions::new()
70 .perm(mode)
71 .owner(nix::unistd::ROOT)
72 .group(backup_user.gid);
73
74 proxmox::tools::fs::replace_file(path, data, options)?;
75
76 Ok(())
77 }
78
79 /// Atomically write data to file owned by "root:root" with permission "0600"
80 ///
81 /// Only the superuser can read and write those files.
82 pub fn replace_secret_config<P: AsRef<std::path::Path>>(
83 path: P,
84 data: &[u8],
85 ) -> Result<(), Error> {
86 let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
87 // set the correct owner/group/permissions while saving file
88 // owner(rw) = root, group(r)= root
89 let options = proxmox::tools::fs::CreateOptions::new()
90 .perm(mode)
91 .owner(nix::unistd::ROOT)
92 .group(nix::unistd::Gid::from_raw(0));
93
94 proxmox::tools::fs::replace_file(path, data, options)?;
95
96 Ok(())
97 }
Proxmox Backup Server and Client