]>
Commit | Line | Data |
---|---|---|
21211748 | 1 | pub mod domains; |
1ce8e905 | 2 | pub mod drive; |
aad2d162 | 3 | pub mod media_pool; |
6afdda88 | 4 | pub mod remote; |
21211748 DM |
5 | |
6 | use anyhow::{format_err, Error}; | |
7 | ||
8 | pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}; | |
9 | ||
10 | /// Return User info for the 'backup' user (``getpwnam_r(3)``) | |
11 | pub fn backup_user() -> Result<nix::unistd::User, Error> { | |
12 | pbs_tools::sys::query_user(BACKUP_USER_NAME)? | |
13 | .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME)) | |
14 | } | |
15 | ||
16 | /// Return Group info for the 'backup' group (``getgrnam(3)``) | |
17 | pub fn backup_group() -> Result<nix::unistd::Group, Error> { | |
18 | pbs_tools::sys::query_group(BACKUP_GROUP_NAME)? | |
19 | .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME)) | |
20 | } | |
ebf34e7e DC |
21 | pub struct BackupLockGuard(Option<std::fs::File>); |
22 | ||
23 | #[doc(hidden)] | |
24 | /// Note: do not use for production code, this is only intended for tests | |
25 | pub unsafe fn create_mocked_lock() -> BackupLockGuard { | |
26 | BackupLockGuard(None) | |
27 | } | |
21211748 DM |
28 | |
29 | /// Open or create a lock file owned by user "backup" and lock it. | |
30 | /// | |
31 | /// Owner/Group of the file is set to backup/backup. | |
32 | /// File mode is 0660. | |
33 | /// Default timeout is 10 seconds. | |
34 | /// | |
35 | /// Note: This method needs to be called by user "root" or "backup". | |
36 | pub fn open_backup_lockfile<P: AsRef<std::path::Path>>( | |
37 | path: P, | |
38 | timeout: Option<std::time::Duration>, | |
39 | exclusive: bool, | |
40 | ) -> Result<BackupLockGuard, Error> { | |
41 | let user = backup_user()?; | |
42 | let options = proxmox::tools::fs::CreateOptions::new() | |
43 | .perm(nix::sys::stat::Mode::from_bits_truncate(0o660)) | |
44 | .owner(user.uid) | |
45 | .group(user.gid); | |
46 | ||
47 | let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0)); | |
48 | ||
49 | let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?; | |
ebf34e7e | 50 | Ok(BackupLockGuard(Some(file))) |
21211748 DM |
51 | } |
52 | ||
53 | /// Atomically write data to file owned by "root:backup" with permission "0640" | |
54 | /// | |
55 | /// Only the superuser can write those files, but group 'backup' can read them. | |
56 | pub fn replace_backup_config<P: AsRef<std::path::Path>>( | |
57 | path: P, | |
58 | data: &[u8], | |
59 | ) -> Result<(), Error> { | |
60 | let backup_user = backup_user()?; | |
61 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); | |
62 | // set the correct owner/group/permissions while saving file | |
63 | // owner(rw) = root, group(r)= backup | |
64 | let options = proxmox::tools::fs::CreateOptions::new() | |
65 | .perm(mode) | |
66 | .owner(nix::unistd::ROOT) | |
67 | .group(backup_user.gid); | |
68 | ||
69 | proxmox::tools::fs::replace_file(path, data, options)?; | |
70 | ||
71 | Ok(()) | |
72 | } | |
73 | ||
74 | /// Atomically write data to file owned by "root:root" with permission "0600" | |
75 | /// | |
76 | /// Only the superuser can read and write those files. | |
77 | pub fn replace_secret_config<P: AsRef<std::path::Path>>( | |
78 | path: P, | |
79 | data: &[u8], | |
80 | ) -> Result<(), Error> { | |
81 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); | |
82 | // set the correct owner/group/permissions while saving file | |
83 | // owner(rw) = root, group(r)= root | |
84 | let options = proxmox::tools::fs::CreateOptions::new() | |
85 | .perm(mode) | |
86 | .owner(nix::unistd::ROOT) | |
87 | .group(nix::unistd::Gid::from_raw(0)); | |
88 | ||
89 | proxmox::tools::fs::replace_file(path, data, options)?; | |
90 | ||
91 | Ok(()) | |
92 | } |