2019-02-16 11:19:13 +00:00
|
|
|
//! Proxmox Backup Server Configuration library
|
|
|
|
//!
|
|
|
|
//! This library contains helper to read, parse and write the
|
|
|
|
//! configuration files.
|
|
|
|
|
|
|
|
use failure::*;
|
|
|
|
|
2019-08-03 11:05:38 +00:00
|
|
|
use proxmox::tools::try_block;
|
|
|
|
|
2019-02-16 11:19:13 +00:00
|
|
|
use crate::buildcfg;
|
|
|
|
|
2019-08-21 12:14:00 +00:00
|
|
|
pub mod datastore;
|
|
|
|
|
2019-02-16 11:19:13 +00:00
|
|
|
/// Check configuration directory permissions
|
|
|
|
///
|
|
|
|
/// For security reasons, we want to make sure they are set correctly:
|
|
|
|
/// * owned by 'backup' user/group
|
|
|
|
/// * nobody else can read (mode 0700)
|
2019-02-18 12:11:42 +00:00
|
|
|
pub fn check_configdir_permissions() -> Result<(), Error> {
|
2019-02-16 11:19:13 +00:00
|
|
|
let cfgdir = buildcfg::CONFIGDIR;
|
2019-12-19 09:20:13 +00:00
|
|
|
|
|
|
|
let backup_user = crate::backup::backup_user()?;
|
|
|
|
let backup_uid = backup_user.uid.as_raw();
|
|
|
|
let backup_gid = backup_user.gid.as_raw();
|
2019-02-16 11:19:13 +00:00
|
|
|
|
|
|
|
try_block!({
|
|
|
|
let stat = nix::sys::stat::stat(cfgdir)?;
|
|
|
|
|
|
|
|
if stat.st_uid != backup_uid {
|
2019-08-21 12:14:00 +00:00
|
|
|
bail!("wrong user ({} != {})", stat.st_uid, backup_uid);
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|
|
|
|
if stat.st_gid != backup_gid {
|
2019-08-21 12:14:00 +00:00
|
|
|
bail!("wrong group ({} != {})", stat.st_gid, backup_gid);
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
let perm = stat.st_mode & 0o777;
|
|
|
|
if perm != 0o700 {
|
2019-08-21 12:14:00 +00:00
|
|
|
bail!("wrong permission ({:o} != {:o})", perm, 0o700);
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|
|
|
|
Ok(())
|
2019-08-21 12:14:00 +00:00
|
|
|
})
|
|
|
|
.map_err(|err| {
|
|
|
|
format_err!(
|
|
|
|
"configuration directory '{}' permission problem - {}",
|
|
|
|
cfgdir,
|
|
|
|
err
|
|
|
|
)
|
|
|
|
})
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pub fn create_configdir() -> Result<(), Error> {
|
|
|
|
use nix::sys::stat::Mode;
|
|
|
|
|
|
|
|
let cfgdir = buildcfg::CONFIGDIR;
|
|
|
|
|
|
|
|
match nix::unistd::mkdir(cfgdir, Mode::from_bits_truncate(0o700)) {
|
2019-08-21 12:14:00 +00:00
|
|
|
Ok(()) => {}
|
2019-02-16 11:19:13 +00:00
|
|
|
Err(nix::Error::Sys(nix::errno::Errno::EEXIST)) => {
|
2019-02-18 12:11:42 +00:00
|
|
|
check_configdir_permissions()?;
|
2019-02-16 11:19:13 +00:00
|
|
|
return Ok(());
|
2019-08-21 12:14:00 +00:00
|
|
|
}
|
|
|
|
Err(err) => bail!(
|
|
|
|
"unable to create configuration directory '{}' - {}",
|
|
|
|
cfgdir,
|
|
|
|
err
|
|
|
|
),
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|
|
|
|
|
2019-12-19 09:20:13 +00:00
|
|
|
let backup_user = crate::backup::backup_user()?;
|
2019-02-16 11:19:13 +00:00
|
|
|
|
2019-12-19 09:20:13 +00:00
|
|
|
nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
|
|
|
|
.map_err(|err| {
|
|
|
|
format_err!(
|
|
|
|
"unable to set configuration directory '{}' permissions - {}",
|
|
|
|
cfgdir,
|
|
|
|
err
|
|
|
|
)
|
|
|
|
})
|
2019-02-16 11:19:13 +00:00
|
|
|
}
|