]>
git.proxmox.com Git - proxmox-backup.git/blob - src/config.rs
1 //! Proxmox Backup Server Configuration library
3 //! This library contains helper to read, parse and write the
4 //! configuration files.
8 use proxmox
::tools
::try_block
;
14 /// Check configuration directory permissions
16 /// For security reasons, we want to make sure they are set correctly:
17 /// * owned by 'backup' user/group
18 /// * nobody else can read (mode 0700)
19 pub fn check_configdir_permissions() -> Result
<(), Error
> {
20 let cfgdir
= buildcfg
::CONFIGDIR
;
22 let backup_user
= crate::backup
::backup_user()?
;
23 let backup_uid
= backup_user
.uid
.as_raw();
24 let backup_gid
= backup_user
.gid
.as_raw();
27 let stat
= nix
::sys
::stat
::stat(cfgdir
)?
;
29 if stat
.st_uid
!= backup_uid
{
30 bail
!("wrong user ({} != {})", stat
.st_uid
, backup_uid
);
32 if stat
.st_gid
!= backup_gid
{
33 bail
!("wrong group ({} != {})", stat
.st_gid
, backup_gid
);
36 let perm
= stat
.st_mode
& 0o777;
38 bail
!("wrong permission ({:o} != {:o})", perm
, 0o700);
44 "configuration directory '{}' permission problem - {}",
51 pub fn create_configdir() -> Result
<(), Error
> {
52 use nix
::sys
::stat
::Mode
;
54 let cfgdir
= buildcfg
::CONFIGDIR
;
56 match nix
::unistd
::mkdir(cfgdir
, Mode
::from_bits_truncate(0o700)) {
58 Err(nix
::Error
::Sys(nix
::errno
::Errno
::EEXIST
)) => {
59 check_configdir_permissions()?
;
63 "unable to create configuration directory '{}' - {}",
69 let backup_user
= crate::backup
::backup_user()?
;
71 nix
::unistd
::chown(cfgdir
, Some(backup_user
.uid
), Some(backup_user
.gid
))
74 "unable to set configuration directory '{}' permissions - {}",