]>
git.proxmox.com Git - proxmox-backup.git/blob - src/config.rs
1 //! Proxmox Backup Server Configuration library
3 //! This library contains helper to read, parse and write the
4 //! configuration files.
13 /// Check configuration directory permissions
15 /// For security reasons, we want to make sure they are set correctly:
16 /// * owned by 'backup' user/group
17 /// * nobody else can read (mode 0700)
18 pub fn check_configdir_permissions() -> Result
<(), Error
> {
20 let cfgdir
= buildcfg
::CONFIGDIR
;
21 let (backup_uid
, backup_gid
) = tools
::getpwnam_ugid("backup")?
;
24 let stat
= nix
::sys
::stat
::stat(cfgdir
)?
;
26 if stat
.st_uid
!= backup_uid
{
27 bail
!("wrong user ({} != {})", stat
.st_uid
, backup_uid
);
29 if stat
.st_gid
!= backup_gid
{
30 bail
!("wrong group ({} != {})", stat
.st_gid
, backup_gid
);
33 let perm
= stat
.st_mode
& 0o777;
35 bail
!("wrong permission ({:o} != {:o})", perm
, 0o700);
38 }).map_err(|err
| format_err
!("configuration directory '{}' permission problem - {}", cfgdir
, err
))
41 pub fn create_configdir() -> Result
<(), Error
> {
43 use nix
::sys
::stat
::Mode
;
45 let cfgdir
= buildcfg
::CONFIGDIR
;
46 let (backup_uid
, backup_gid
) = tools
::getpwnam_ugid("backup")?
;
48 match nix
::unistd
::mkdir(cfgdir
, Mode
::from_bits_truncate(0o700)) {
50 Err(nix
::Error
::Sys(nix
::errno
::Errno
::EEXIST
)) => {
51 check_configdir_permissions()?
;
54 Err(err
) => bail
!("unable to create configuration directory '{}' - {}", cfgdir
, err
),
58 let uid
= nix
::unistd
::Uid
::from_raw(backup_uid
);
59 let gid
= nix
::unistd
::Gid
::from_raw(backup_gid
);
61 nix
::unistd
::chown(cfgdir
, Some(uid
), Some(gid
))?
;
64 }).map_err(|err
: Error
| format_err
!(
65 "unable to set configuration directory '{}' permissions - {}", cfgdir
, err
))