2021-09-09 08:32:44 +00:00
|
|
|
pub mod acl;
|
2021-09-10 04:53:53 +00:00
|
|
|
mod cached_user_info;
|
|
|
|
pub use cached_user_info::CachedUserInfo;
|
2021-09-10 06:40:58 +00:00
|
|
|
pub mod datastore;
|
2021-09-02 10:47:11 +00:00
|
|
|
pub mod domains;
|
2021-09-03 07:10:18 +00:00
|
|
|
pub mod drive;
|
2021-09-07 07:22:14 +00:00
|
|
|
pub mod key_config;
|
2021-09-06 06:56:04 +00:00
|
|
|
pub mod media_pool;
|
2021-09-08 10:22:48 +00:00
|
|
|
pub mod network;
|
2021-09-02 12:25:15 +00:00
|
|
|
pub mod remote;
|
2021-09-08 04:57:23 +00:00
|
|
|
pub mod sync;
|
2021-09-07 08:37:08 +00:00
|
|
|
pub mod tape_encryption_keys;
|
2021-09-07 10:32:01 +00:00
|
|
|
pub mod tape_job;
|
2021-09-08 12:00:14 +00:00
|
|
|
pub mod token_shadow;
|
2021-09-10 04:53:53 +00:00
|
|
|
pub mod user;
|
2021-09-08 06:01:07 +00:00
|
|
|
pub mod verify;
|
2021-09-02 10:47:11 +00:00
|
|
|
|
2021-09-10 04:53:53 +00:00
|
|
|
pub(crate) mod memcom;
|
|
|
|
|
2021-09-02 10:47:11 +00:00
|
|
|
use anyhow::{format_err, Error};
|
|
|
|
|
|
|
|
pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
|
|
|
|
|
|
|
|
/// Return User info for the 'backup' user (``getpwnam_r(3)``)
|
|
|
|
pub fn backup_user() -> Result<nix::unistd::User, Error> {
|
|
|
|
pbs_tools::sys::query_user(BACKUP_USER_NAME)?
|
|
|
|
.ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Return Group info for the 'backup' group (``getgrnam(3)``)
|
|
|
|
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
|
|
|
|
pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
|
|
|
|
.ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
|
|
|
|
}
|
2021-09-06 15:00:25 +00:00
|
|
|
pub struct BackupLockGuard(Option<std::fs::File>);
|
|
|
|
|
|
|
|
#[doc(hidden)]
|
|
|
|
/// Note: do not use for production code, this is only intended for tests
|
|
|
|
pub unsafe fn create_mocked_lock() -> BackupLockGuard {
|
|
|
|
BackupLockGuard(None)
|
|
|
|
}
|
2021-09-02 10:47:11 +00:00
|
|
|
|
|
|
|
/// Open or create a lock file owned by user "backup" and lock it.
|
|
|
|
///
|
|
|
|
/// Owner/Group of the file is set to backup/backup.
|
|
|
|
/// File mode is 0660.
|
|
|
|
/// Default timeout is 10 seconds.
|
|
|
|
///
|
|
|
|
/// Note: This method needs to be called by user "root" or "backup".
|
|
|
|
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
|
|
|
|
path: P,
|
|
|
|
timeout: Option<std::time::Duration>,
|
|
|
|
exclusive: bool,
|
|
|
|
) -> Result<BackupLockGuard, Error> {
|
|
|
|
let user = backup_user()?;
|
|
|
|
let options = proxmox::tools::fs::CreateOptions::new()
|
|
|
|
.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
|
|
|
|
.owner(user.uid)
|
|
|
|
.group(user.gid);
|
|
|
|
|
|
|
|
let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
|
|
|
|
|
|
|
|
let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
|
2021-09-06 15:00:25 +00:00
|
|
|
Ok(BackupLockGuard(Some(file)))
|
2021-09-02 10:47:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Atomically write data to file owned by "root:backup" with permission "0640"
|
|
|
|
///
|
|
|
|
/// Only the superuser can write those files, but group 'backup' can read them.
|
|
|
|
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
|
|
|
|
path: P,
|
|
|
|
data: &[u8],
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
let backup_user = backup_user()?;
|
|
|
|
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
|
|
|
|
// set the correct owner/group/permissions while saving file
|
|
|
|
// owner(rw) = root, group(r)= backup
|
|
|
|
let options = proxmox::tools::fs::CreateOptions::new()
|
|
|
|
.perm(mode)
|
|
|
|
.owner(nix::unistd::ROOT)
|
|
|
|
.group(backup_user.gid);
|
|
|
|
|
2021-10-20 12:56:15 +00:00
|
|
|
proxmox::tools::fs::replace_file(path, data, options, true)?;
|
2021-09-02 10:47:11 +00:00
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Atomically write data to file owned by "root:root" with permission "0600"
|
|
|
|
///
|
|
|
|
/// Only the superuser can read and write those files.
|
|
|
|
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
|
|
|
|
path: P,
|
|
|
|
data: &[u8],
|
|
|
|
) -> Result<(), Error> {
|
|
|
|
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
|
|
|
|
// set the correct owner/group/permissions while saving file
|
|
|
|
// owner(rw) = root, group(r)= root
|
|
|
|
let options = proxmox::tools::fs::CreateOptions::new()
|
|
|
|
.perm(mode)
|
|
|
|
.owner(nix::unistd::ROOT)
|
|
|
|
.group(nix::unistd::Gid::from_raw(0));
|
|
|
|
|
2021-10-20 12:56:15 +00:00
|
|
|
proxmox::tools::fs::replace_file(path, data, options, true)?;
|
2021-09-02 10:47:11 +00:00
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|