git.proxmox.com Git - proxmox-backup.git/blob - src/config.rs
//! Proxmox Backup Server Configuration library
//!
//! This library contains helpers to read, parse and write the
//! configuration files.
10 use proxmox
::tools
::try_block
;
/// Check configuration directory permissions
///
/// For security reasons, we want to make sure they are set correctly:
/// * owned by 'backup' user/group
/// * nobody else can read (mode 0700)
///
/// # Errors
///
/// A failure to resolve the 'backup' account is returned as-is. A failing
/// `stat` call or a mismatch in owner, group or mode is reported with the
/// configuration directory path prepended to the message.
pub fn check_configdir_permissions() -> Result<(), Error> {
    let cfgdir = buildcfg::CONFIGDIR;
    let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;

    // NOTE(review): the listing drops the line that opens this block, the guard
    // on the last `bail!` and the final `Ok(())`; they are reconstructed from the
    // imported `try_block` macro and the error message. Confirm against the
    // repository.
    try_block!({
        // stat() follows symlinks, so the values below describe whatever the
        // path resolves to at this moment; this is a point-in-time check.
        let meta = nix::sys::stat::stat(cfgdir)?;

        if meta.st_uid != backup_uid {
            bail!("wrong user ({} != {})", meta.st_uid, backup_uid);
        }
        if meta.st_gid != backup_gid {
            bail!("wrong group ({} != {})", meta.st_gid, backup_gid);
        }

        // Only the nine rwx bits are compared; the file type and the
        // setuid/setgid/sticky bits are masked out and therefore not checked.
        let mode_bits = meta.st_mode & 0o777;
        if mode_bits != 0o700 {
            bail!("wrong permission ({:o} != {:o})", mode_bits, 0o700);
        }

        Ok(())
    })
    .map_err(|err| {
        format_err!(
            "configuration directory '{}' permission problem - {}",
            cfgdir,
            err
        )
    })
}
/// Create the configuration directory with mode 0700 and hand it over to the
/// 'backup' user and group.
///
/// When the directory already exists it is not modified; its ownership and
/// mode are verified with [`check_configdir_permissions`] instead.
///
/// # Errors
///
/// Fails if the 'backup' account cannot be resolved, if `mkdir` fails for a
/// reason other than `EEXIST`, if the check of an existing directory fails, or
/// if `chown` on the new directory fails.
pub fn create_configdir() -> Result<(), Error> {
    use nix::sys::stat::Mode;
    use nix::unistd::{Gid, Uid};

    let cfgdir = buildcfg::CONFIGDIR;
    let (backup_uid, backup_gid) = crate::tools::getpwnam_ugid("backup")?;

    // The directory is requested with 0700 from the start, so it is never
    // created with wider permissions and narrowed afterwards. The process
    // umask can only remove bits from the requested mode.
    //
    // NOTE(review): the listing drops the `Ok` arm, the early return after the
    // check and the `try_block!` opener; they are reconstructed from the
    // surrounding code. Confirm against the repository.
    match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) {
        Ok(()) => {}
        Err(nix::Error::Sys(nix::errno::Errno::EEXIST)) => {
            // A pre-existing directory is validated, never re-owned.
            check_configdir_permissions()?;
            return Ok(());
        }
        Err(err) => bail!(
            "unable to create configuration directory '{}' - {}",
            cfgdir,
            err
        ),
    }

    try_block!({
        let owner = Uid::from_raw(backup_uid);
        let group = Gid::from_raw(backup_gid);

        nix::unistd::chown(cfgdir, Some(owner), Some(group))?;

        Ok(())
    })
    .map_err(|err: Error| {
        format_err!(
            "unable to set configuration directory '{}' permissions - {}",
            cfgdir,
            err
        )
    })
}