3 pub use cached_user_info
::CachedUserInfo
;
12 pub mod tape_encryption_keys
;
15 pub mod traffic_control
;
19 mod config_version_cache
;
20 pub use config_version_cache
::ConfigVersionCache
;
22 use anyhow
::{format_err, Error}
;
24 pub use pbs_buildcfg
::{BACKUP_USER_NAME, BACKUP_GROUP_NAME}
;
26 /// Return User info for the 'backup' user (``getpwnam_r(3)``)
27 pub fn backup_user() -> Result
<nix
::unistd
::User
, Error
> {
28 pbs_tools
::sys
::query_user(BACKUP_USER_NAME
)?
29 .ok_or_else(|| format_err
!("Unable to lookup '{}' user.", BACKUP_USER_NAME
))
32 /// Return Group info for the 'backup' group (``getgrnam(3)``)
33 pub fn backup_group() -> Result
<nix
::unistd
::Group
, Error
> {
34 pbs_tools
::sys
::query_group(BACKUP_GROUP_NAME
)?
35 .ok_or_else(|| format_err
!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME
))
37 pub struct BackupLockGuard(Option
<std
::fs
::File
>);
40 /// Note: do not use for production code, this is only intended for tests
41 pub unsafe fn create_mocked_lock() -> BackupLockGuard
{
45 /// Open or create a lock file owned by user "backup" and lock it.
47 /// Owner/Group of the file is set to backup/backup.
48 /// File mode is 0660.
49 /// Default timeout is 10 seconds.
51 /// Note: This method needs to be called by user "root" or "backup".
52 pub fn open_backup_lockfile
<P
: AsRef
<std
::path
::Path
>>(
54 timeout
: Option
<std
::time
::Duration
>,
56 ) -> Result
<BackupLockGuard
, Error
> {
57 let user
= backup_user()?
;
58 let options
= proxmox
::tools
::fs
::CreateOptions
::new()
59 .perm(nix
::sys
::stat
::Mode
::from_bits_truncate(0o660))
63 let timeout
= timeout
.unwrap_or(std
::time
::Duration
::new(10, 0));
65 let file
= proxmox
::tools
::fs
::open_file_locked(&path
, timeout
, exclusive
, options
)?
;
66 Ok(BackupLockGuard(Some(file
)))
69 /// Atomically write data to file owned by "root:backup" with permission "0640"
71 /// Only the superuser can write those files, but group 'backup' can read them.
72 pub fn replace_backup_config
<P
: AsRef
<std
::path
::Path
>>(
75 ) -> Result
<(), Error
> {
76 let backup_user
= backup_user()?
;
77 let mode
= nix
::sys
::stat
::Mode
::from_bits_truncate(0o0640);
78 // set the correct owner/group/permissions while saving file
79 // owner(rw) = root, group(r)= backup
80 let options
= proxmox
::tools
::fs
::CreateOptions
::new()
82 .owner(nix
::unistd
::ROOT
)
83 .group(backup_user
.gid
);
85 proxmox
::tools
::fs
::replace_file(path
, data
, options
, true)?
;
90 /// Atomically write data to file owned by "root:root" with permission "0600"
92 /// Only the superuser can read and write those files.
93 pub fn replace_secret_config
<P
: AsRef
<std
::path
::Path
>>(
96 ) -> Result
<(), Error
> {
97 let mode
= nix
::sys
::stat
::Mode
::from_bits_truncate(0o0600);
98 // set the correct owner/group/permissions while saving file
99 // owner(rw) = root, group(r)= root
100 let options
= proxmox
::tools
::fs
::CreateOptions
::new()
102 .owner(nix
::unistd
::ROOT
)
103 .group(nix
::unistd
::Gid
::from_raw(0));
105 proxmox
::tools
::fs
::replace_file(path
, data
, options
, true)?
;