restore daemon: setup backup system user and group

now required as we always enforce lock files to be owned by the
backup user, and the restore code uses such code indirectly as the
REST server module is reused from proxmox-backup-server. Once that is
refactored out we may do away such things, but until then we need to
have a somewhat complete system env.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/bin/proxmox-restore-daemon.rs b/src/bin/proxmox-restore-daemon.rs
index 5456bd23293ba1c1f4e56bb64e1c5f630a4c00f4..50f58d78980e1b77af03288b8b060e0af050010a 100644 (file)
--- a/src/bin/proxmox-restore-daemon.rs
+++ b/src/bin/proxmox-restore-daemon.rs
@@ -18,6 +18,9 @@ use pbs_client::DEFAULT_VSOCK_PORT;
 use proxmox::api::RpcEnvironmentType;
 use proxmox_backup::server::{rest::*, ApiConfig};
 
+use std::fs::File;
+use std::io::prelude::*;
+
 mod proxmox_restore_daemon;
 use proxmox_restore_daemon::*;
 
@@ -70,6 +73,18 @@ fn setup_system_env() -> Result<(), Error> {
     // we do not care much, but it's way less headache to just create it
     std::fs::create_dir_all("/run/proxmox-backup")?;
 
+    // we now ensure that all lock files are owned by the backup user, and as we reuse the
+    // specialized REST module from pbs api/daemon we have some checks there for user/acl stuff
+    // that gets locked, and thus needs the backup system user to work.
+    std::fs::create_dir_all("/etc")?;
+    let mut passwd = File::create("/etc/passwd")?;
+    writeln!(passwd, "root:x:0:0:root:/root:/bin/sh")?;
+    writeln!(passwd, "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin")?;
+
+    let mut group = File::create("/etc/group")?;
+    writeln!(group, "root:x:0:")?;
+    writeln!(group, "backup:x:34:")?;
+
     Ok(())
 }