file logger: add option to make the backup user the log file owner

and use that in ApiConfig to avoid that it is owned by root if the
proxmox-backup-api process creates it first.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/server/config.rs b/src/server/config.rs
index cdaa5acdbc06b0bc80d466f52b049e57d68e881c..045a5978ae4036d162ea4052c3d1eee1ea290c9e 100644 (file)
--- a/src/server/config.rs
+++ b/src/server/config.rs
@@ -139,6 +139,7 @@ impl ApiConfig {
 
         let logger_options = FileLogOptions {
             append: true,
+            owned_by_backup: true,
             ..Default::default()
         };
         self.request_log = Some(Mutex::new(FileLogger::new(&path, logger_options)?));

diff --git a/src/tools/file_logger.rs b/src/tools/file_logger.rs
index e0735b98fb0ab3bd31456189e9de351588ededb4..cfd434015fdda4134bf465e9337da4ec8cdab610 100644 (file)
--- a/src/tools/file_logger.rs
+++ b/src/tools/file_logger.rs
@@ -38,6 +38,10 @@ pub struct FileLogOptions {
     pub to_stdout: bool,
     /// Prefix messages logged to the file with the current local time as RFC 3339
     pub prefix_time: bool,
+    /// if set, the file is tried to be chowned by the backup:backup user/group
+    /// Note, this is not designed race free as anybody could set it to another user afterwards
+    /// anyway. It must thus be used by all processes which doe not run as backup uid/gid.
+    pub owned_by_backup: bool,
 }
 
 #[derive(Debug)]
@@ -65,7 +69,12 @@ impl FileLogger {
             .append(options.append)
             .create_new(options.exclusive)
             .create(!options.exclusive)
-            .open(file_name)?;
+            .open(&file_name)?;
+
+        if options.owned_by_backup {
+            let backup_user = crate::backup::backup_user()?;
+            nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
+        }
 
         Ok(Self { file, options })
     }