projects / proxmox-backup.git / blame
| Commit | Line | Data |
|---|---|---|
| 21211748 | 1 | pub mod domains; |
| 1ce8e905 | 2 | pub mod drive; |
| aad2d162 | 3 | pub mod media_pool; |
| 6afdda88 | 4 | pub mod remote; |
| 21211748 DM |
5 | |
| 6 | use anyhow::{format_err, Error}; | |
| 7 | ||
| 8 | pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}; | |
| 9 | ||
| 10 | /// Return User info for the 'backup' user (``getpwnam_r(3)``) | |
| 11 | pub fn backup_user() -> Result<nix::unistd::User, Error> { | |
| 12 | pbs_tools::sys::query_user(BACKUP_USER_NAME)? | |
| 13 | .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME)) | |
| 14 | } | |
| 15 | ||
| 16 | /// Return Group info for the 'backup' group (``getgrnam(3)``) | |
| 17 | pub fn backup_group() -> Result<nix::unistd::Group, Error> { | |
| 18 | pbs_tools::sys::query_group(BACKUP_GROUP_NAME)? | |
| 19 | .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME)) | |
| 20 | } | |
| ebf34e7e DC |
21 | pub struct BackupLockGuard(Option<std::fs::File>); |
| 22 | ||
| 23 | #[doc(hidden)] | |
| 24 | /// Note: do not use for production code, this is only intended for tests | |
| 25 | pub unsafe fn create_mocked_lock() -> BackupLockGuard { | |
| 26 | BackupLockGuard(None) | |
| 27 | } | |
| 21211748 DM |
28 | |
| 29 | /// Open or create a lock file owned by user "backup" and lock it. | |
| 30 | /// | |
| 31 | /// Owner/Group of the file is set to backup/backup. | |
| 32 | /// File mode is 0660. | |
| 33 | /// Default timeout is 10 seconds. | |
| 34 | /// | |
| 35 | /// Note: This method needs to be called by user "root" or "backup". | |
| 36 | pub fn open_backup_lockfile<P: AsRef<std::path::Path>>( | |
| 37 | path: P, | |
| 38 | timeout: Option<std::time::Duration>, | |
| 39 | exclusive: bool, | |
| 40 | ) -> Result<BackupLockGuard, Error> { | |
| 41 | let user = backup_user()?; | |
| 42 | let options = proxmox::tools::fs::CreateOptions::new() | |
| 43 | .perm(nix::sys::stat::Mode::from_bits_truncate(0o660)) | |
| 44 | .owner(user.uid) | |
| 45 | .group(user.gid); | |
| 46 | ||
| 47 | let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0)); | |
| 48 | ||
| 49 | let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?; | |
| ebf34e7e | 50 | Ok(BackupLockGuard(Some(file))) |
| 21211748 DM |
51 | } |
| 52 | ||
| 53 | /// Atomically write data to file owned by "root:backup" with permission "0640" | |
| 54 | /// | |
| 55 | /// Only the superuser can write those files, but group 'backup' can read them. | |
| 56 | pub fn replace_backup_config<P: AsRef<std::path::Path>>( | |
| 57 | path: P, | |
| 58 | data: &[u8], | |
| 59 | ) -> Result<(), Error> { | |
| 60 | let backup_user = backup_user()?; | |
| 61 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640); | |
| 62 | // set the correct owner/group/permissions while saving file | |
| 63 | // owner(rw) = root, group(r)= backup | |
| 64 | let options = proxmox::tools::fs::CreateOptions::new() | |
| 65 | .perm(mode) | |
| 66 | .owner(nix::unistd::ROOT) | |
| 67 | .group(backup_user.gid); | |
| 68 | ||
| 69 | proxmox::tools::fs::replace_file(path, data, options)?; | |
| 70 | ||
| 71 | Ok(()) | |
| 72 | } | |
| 73 | ||
| 74 | /// Atomically write data to file owned by "root:root" with permission "0600" | |
| 75 | /// | |
| 76 | /// Only the superuser can read and write those files. | |
| 77 | pub fn replace_secret_config<P: AsRef<std::path::Path>>( | |
| 78 | path: P, | |
| 79 | data: &[u8], | |
| 80 | ) -> Result<(), Error> { | |
| 81 | let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600); | |
| 82 | // set the correct owner/group/permissions while saving file | |
| 83 | // owner(rw) = root, group(r)= root | |
| 84 | let options = proxmox::tools::fs::CreateOptions::new() | |
| 85 | .perm(mode) | |
| 86 | .owner(nix::unistd::ROOT) | |
| 87 | .group(nix::unistd::Gid::from_raw(0)); | |
| 88 | ||
| 89 | proxmox::tools::fs::replace_file(path, data, options)?; | |
| 90 | ||
| 91 | Ok(()) | |
| 92 | } |