7 pub mod tape_encryption_keys
;
11 use anyhow
::{format_err, Error}
;
13 pub use pbs_buildcfg
::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}
;
/// Look up the account entry of the 'backup' user (``getpwnam_r(3)``).
///
/// # Errors
///
/// Propagates any error from `pbs_tools::sys::query_user`, and returns an
/// "Unable to lookup" error when the query succeeds but no such user exists.
pub fn backup_user() -> Result<nix::unistd::User, Error> {
    let entry = pbs_tools::sys::query_user(BACKUP_USER_NAME)?;
    // A missing account is an error, never a default: callers use the returned
    // uid/gid to set file ownership.
    entry.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
}
/// Look up the group entry of the 'backup' group (``getgrnam(3)``).
///
/// # Errors
///
/// Propagates any error from `pbs_tools::sys::query_group`, and returns an
/// "Unable to lookup" error when the query succeeds but no such group exists.
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
    let entry = pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?;
    // A missing group is reported to the caller instead of being papered over.
    entry.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
}
/// Guard value returned by `open_backup_lockfile`.
///
/// Wraps the opened lock file. The `Option` allows a guard that holds no file.
// NOTE(review): presumably the lock is released when the wrapped `File` is dropped,
// and the `None` case is what `create_mocked_lock` builds — neither is visible in
// this listing; confirm.
pub struct BackupLockGuard(Option<std::fs::File>);
29 /// Note: do not use for production code, this is only intended for tests
30 pub unsafe fn create_mocked_lock() -> BackupLockGuard
{
/// Open or create a lock file owned by user "backup" and lock it.
///
/// Owner/Group of the file is set to backup/backup.
/// File mode is 0660, so any process running as user or group 'backup' can open
/// the lock file read/write.
/// Default timeout is 10 seconds (used when `timeout` is `None`).
///
/// Note: This method needs to be called by user "root" or "backup".
///
/// # Errors
///
/// Fails when the 'backup' user cannot be looked up, or when
/// `proxmox::tools::fs::open_file_locked` returns an error.
// NOTE(review): the extracted listing drops gutter lines 42, 44 and 49-50. The
// `path`/`exclusive` parameters and the `.owner`/`.group` calls below are restored
// from their use in the body and from the doc comment — confirm against upstream.
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
    path: P,
    timeout: Option<std::time::Duration>,
    exclusive: bool,
) -> Result<BackupLockGuard, Error> {
    let backup = backup_user()?;

    // 0o660: read/write for owner and group, no access for others.
    let lock_mode = nix::sys::stat::Mode::from_bits_truncate(0o660);
    let create_opts = proxmox::tools::fs::CreateOptions::new()
        .perm(lock_mode)
        .owner(backup.uid)
        .group(backup.gid);

    let wait = timeout.unwrap_or_else(|| std::time::Duration::new(10, 0));

    let lock_file = proxmox::tools::fs::open_file_locked(&path, wait, exclusive, create_opts)?;
    Ok(BackupLockGuard(Some(lock_file)))
}
/// Atomically write data to file owned by "root:backup" with permission "0640"
///
/// Only the superuser can write those files, but group 'backup' can read them.
///
/// # Errors
///
/// Fails when the 'backup' user cannot be looked up, or when
/// `proxmox::tools::fs::replace_file` returns an error.
// NOTE(review): the extracted listing drops gutter lines 62-63, 70 and 75-77. The
// `path`/`data` parameters, `.perm(mode)` and the trailing `Ok(())` are restored
// from their use in the body and the return type; the `&[u8]` type of `data` is an
// assumption — confirm against upstream.
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    let backup = backup_user()?;

    // Ownership and permissions are handed to `replace_file` so they are set while
    // the file is saved: owner(rw) = root, group(r) = backup, others = none.
    let file_mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    let create_opts = proxmox::tools::fs::CreateOptions::new()
        .perm(file_mode)
        .owner(nix::unistd::ROOT)
        .group(backup.gid);

    proxmox::tools::fs::replace_file(path, data, create_opts)?;

    Ok(())
}
/// Atomically write data to file owned by "root:root" with permission "0600"
///
/// Only the superuser can read and write those files.
///
/// # Errors
///
/// Fails when `proxmox::tools::fs::replace_file` returns an error.
// NOTE(review): the extracted listing drops gutter lines 83-84, 90 and the function
// tail. The `path`/`data` parameters, `.perm(mode)` and the trailing `Ok(())` are
// restored from their use in the body and the return type; the `&[u8]` type of
// `data` is an assumption — confirm against upstream.
// NOTE(review): confirm that `replace_file` applies mode and owner before the new
// content becomes visible under `path`, so the data is never readable with looser
// permissions in between.
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    // Ownership and permissions are handed to `replace_file` so they are set while
    // the file is saved: owner(rw) = root, group = root (gid 0) with no group bits.
    let file_mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
    let root_gid = nix::unistd::Gid::from_raw(0);
    let create_opts = proxmox::tools::fs::CreateOptions::new()
        .perm(file_mode)
        .owner(nix::unistd::ROOT)
        .group(root_gid);

    proxmox::tools::fs::replace_file(path, data, create_opts)?;

    Ok(())
}