generate authkey: public part needs to be readable by backup group

author Thomas Lamprecht <t.lamprecht@proxmox.com>

Tue, 17 Dec 2019 08:53:21 +0000 (09:53 +0100)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Tue, 17 Dec 2019 09:17:03 +0000 (10:17 +0100)
author Thomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 17 Dec 2019 08:53:21 +0000 (09:53 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 17 Dec 2019 09:17:03 +0000 (10:17 +0100)
diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs

index 3db79d288a032d3887e0b0feff1a7a0610b501d3..fe981fd97f705ce075e4f59a82f64564619382ea 100644 (file)
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -128,7 +128,12 @@ pub fn generate_auth_key() -> Result<(), Error> {
  
      let public_pem = rsa.public_key_to_pem()?;
  
-    file_set_contents(&public_path, &public_pem, None)?;
+    let (_, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
+    let uid = Some(nix::unistd::ROOT);
+    let gid = Some(nix::unistd::Gid::from_raw(backup_gid));
+
+    file_set_contents_full(
+        &public_path, &public_pem, Some(Mode::from_bits_truncate(0o0640)), uid, gid)?;
  
      Ok(())
  }
author	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Tue, 17 Dec 2019 08:53:21 +0000 (09:53 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Tue, 17 Dec 2019 09:17:03 +0000 (10:17 +0100)