update to nix 0.14, use code from proxmox:tools
1 //! Proxmox Backup Server Configuration library
2 //!
3 //! This library contains helpers to read, parse and write the
4 //! configuration files.
5
6 use failure::*;
7
8 pub mod datastore;
9
10 use proxmox::tools::try_block;
11
12 use crate::buildcfg;
13
/// Verify owner, group and mode of the configuration directory.
///
/// The directory named by `buildcfg::CONFIGDIR` must be
/// * owned by the uid and gid that `getpwnam_ugid("backup")` returns, and
/// * set to mode `0700` exactly, so that nobody else can read it.
///
/// What this check does not cover: `stat` resolves symbolic links, so the
/// attributes compared are those of the link target, and the file-type bits
/// are not inspected. Only the low nine permission bits take part in the
/// mode comparison; setuid, setgid and sticky bits are masked off.
///
/// # Errors
///
/// An error from `getpwnam_ugid("backup")` is propagated unchanged. A failing
/// `stat` call or the first mismatch (tested in the order user, group, mode)
/// is wrapped in a message that names the directory.
pub fn check_configdir_permissions() -> Result<(), Error> {
    let cfgdir = buildcfg::CONFIGDIR;
    let (want_uid, want_gid) = crate::tools::getpwnam_ugid("backup")?;

    let outcome: Result<(), Error> = try_block!({
        let meta = nix::sys::stat::stat(cfgdir)?;

        if meta.st_uid != want_uid {
            bail!("wrong user ({} != {})", meta.st_uid, want_uid);
        }
        if meta.st_gid != want_gid {
            bail!("wrong group ({} != {})", meta.st_gid, want_gid);
        }

        // Keep only the rwx bits for user/group/other; anything looser or
        // tighter than 0700 is rejected.
        let mode_bits = meta.st_mode & 0o777;
        if mode_bits != 0o700 {
            bail!("wrong permission ({:o} != {:o})", mode_bits, 0o700);
        }
        Ok(())
    });

    // Prefix every failure from the block above with the directory path.
    outcome.map_err(|err| {
        format_err!("configuration directory '{}' permission problem - {}", cfgdir, err)
    })
}
41
/// Create the configuration directory, or validate it when it already exists.
///
/// A new directory is requested with mode `0700` and then handed to the uid
/// and gid that `getpwnam_ugid("backup")` returns. If `mkdir` reports
/// `EEXIST`, nothing is modified; the existing path is passed to
/// [`check_configdir_permissions`] and its result is returned.
///
/// Security notes:
/// * The mode given to `mkdir` is filtered by the process umask, and the
///   freshly created directory is not re-checked afterwards.
/// * `mkdir` and `chown` both work on the path, and `chown` follows symbolic
///   links, so the two calls are only safe if no untrusted user can write to
///   the parent directory. NOTE(review): presumably true for
///   `buildcfg::CONFIGDIR`; confirm against the build configuration.
///
/// # Errors
///
/// Fails if `getpwnam_ugid("backup")` returns an error, if `mkdir` fails for
/// a reason other than `EEXIST`, if the existing directory does not pass the
/// permission check, or if `chown` fails.
pub fn create_configdir() -> Result<(), Error> {
    use nix::sys::stat::Mode;

    let cfgdir = buildcfg::CONFIGDIR;
    let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;

    if let Err(err) = nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) {
        // An existing directory is acceptable only with the expected owner and mode.
        if let nix::Error::Sys(nix::errno::Errno::EEXIST) = err {
            return check_configdir_permissions();
        }
        bail!("unable to create configuration directory '{}' - {}", cfgdir, err);
    }

    // The directory was created by this call: transfer ownership to 'backup'.
    let owner = nix::unistd::Uid::from_raw(backup_uid);
    let group = nix::unistd::Gid::from_raw(backup_gid);

    nix::unistd::chown(cfgdir, Some(owner), Some(group)).map_err(|err| {
        format_err!(
            "unable to set configuration directory '{}' permissions - {}",
            cfgdir,
            err
        )
    })
}