start new pbs-config workspace

moved src/config/domains.rs
2021-09-02 12:47:11 +02:00 · 2021-09-02 12:47:11 +02:00 · 2121174827
parent df12c9ec4e
commit 2121174827
58 changed files with 207 additions and 181 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -22,6 +22,7 @@ exclude = [ "build", "debian", "tests/catar_data/test_symlink/symlink1"]
 members = [
    "pbs-buildcfg",
    "pbs-client",
    "pbs-config",
    "pbs-datastore",
    "pbs-fuse-loop",
    "pbs-runtime",
@ -102,6 +103,7 @@ proxmox-openid = "0.7.0"
 pbs-api-types = { path = "pbs-api-types" }
 pbs-buildcfg = { path = "pbs-buildcfg" }
 pbs-client = { path = "pbs-client" }
 pbs-config = { path = "pbs-config" }
 pbs-datastore = { path = "pbs-datastore" }
 pbs-runtime = { path = "pbs-runtime" }
 pbs-systemd = { path = "pbs-systemd" }
--- a/1
+++ b/1
@ -35,6 +35,7 @@ SUBCRATES := \
 	pbs-api-types \
 	pbs-buildcfg \
 	pbs-client \
 	pbs-config \
 	pbs-datastore \
 	pbs-fuse-loop \
 	pbs-runtime \
--- a/pbs-api-types/src/lib.rs
+++ b/pbs-api-types/src/lib.rs
@ -152,6 +152,12 @@ pub const DATASTORE_SCHEMA: Schema = StringSchema::new("Datastore name.")
    .max_length(32)
    .schema();
 pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
    .format(&PROXMOX_SAFE_ID_FORMAT)
    .min_length(2)
    .max_length(32)
    .schema();
 pub const FINGERPRINT_SHA256_FORMAT: ApiStringFormat =
    ApiStringFormat::Pattern(&FINGERPRINT_SHA256_REGEX);
--- a/pbs-config/Cargo.toml
+++ b/pbs-config/Cargo.toml
@ -0,0 +1,20 @@
 [package]
 name = "pbs-config"
 version = "0.1.0"
 authors = ["Proxmox Support Team <support@proxmox.com>"]
 edition = "2018"
 description = "Configuration file management for PBS"
 [dependencies]
 anyhow = "1.0"
 lazy_static = "1.4"
 serde = { version = "1.0", features = ["derive"] }
 openssl = "0.10"
 nix = "0.19.1"
 proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }
 pbs-api-types = { path = "../pbs-api-types" }
 pbs-buildcfg = { path = "../pbs-buildcfg" }
 pbs-tools = { path = "../pbs-tools" }
--- a/pbs-config/src/domains.rs
+++ b/pbs-config/src/domains.rs
@ -13,8 +13,8 @@ use proxmox::api::{
    }
 };
-use crate::api2::types::*;
+use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use crate::{open_backup_lockfile, replace_backup_config, BackupLockGuard};
 lazy_static! {
    pub static ref CONFIG: SectionConfig = init();
@ -115,7 +115,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(DOMAINS_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
+    replace_backup_config(DOMAINS_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@ -0,0 +1,83 @@
 pub mod domains;
 use anyhow::{format_err, Error};
 pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
 /// Return User info for the 'backup' user (``getpwnam_r(3)``)
 pub fn backup_user() -> Result<nix::unistd::User, Error> {
    pbs_tools::sys::query_user(BACKUP_USER_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
 }
 /// Return Group info for the 'backup' group (``getgrnam(3)``)
 pub fn backup_group() -> Result<nix::unistd::Group, Error> {
    pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
 }
 pub struct BackupLockGuard(std::fs::File);
 /// Open or create a lock file owned by user "backup" and lock it.
 ///
 /// Owner/Group of the file is set to backup/backup.
 /// File mode is 0660.
 /// Default timeout is 10 seconds.
 ///
 /// Note: This method needs to be called by user "root" or "backup".
 pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
    path: P,
    timeout: Option<std::time::Duration>,
    exclusive: bool,
 ) -> Result<BackupLockGuard, Error> {
    let user = backup_user()?;
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
        .owner(user.uid)
        .group(user.gid);
    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
    Ok(BackupLockGuard(file))
 }
 /// Atomically write data to file owned by "root:backup" with permission "0640"
 ///
 /// Only the superuser can write those files, but group 'backup' can read them.
 pub fn replace_backup_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
 ) -> Result<(), Error> {
    let backup_user = backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= backup
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(backup_user.gid);
    proxmox::tools::fs::replace_file(path, data, options)?;
    Ok(())
 }
 /// Atomically write data to file owned by "root:root" with permission "0600"
 ///
 /// Only the superuser can read and write those files.
 pub fn replace_secret_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
 ) -> Result<(), Error> {
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= root
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(nix::unistd::Gid::from_raw(0));
    proxmox::tools::fs::replace_file(path, data, options)?;
    Ok(())
 }
--- a/src/api2/access/acl.rs
+++ b/src/api2/access/acl.rs
@ -8,7 +8,7 @@ use crate::api2::types::*;
 use crate::config::acl;
 use crate::config::acl::{Role, PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
 use crate::config::cached_user_info::CachedUserInfo;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 fn extract_acl_node_data(
    node: &acl::AclTreeNode,
--- a/src/api2/access/domain.rs
+++ b/src/api2/access/domain.rs
@ -7,8 +7,7 @@ use serde_json::{json, Value};
 use proxmox::api::{api, Permission, Router, RpcEnvironment};
-use crate::config;
+use pbs_api_types::{REALM_ID_SCHEMA, SINGLE_LINE_COMMENT_SCHEMA};
 use crate::api2::types::*;
 #[api]
 #[derive(Deserialize, Serialize, PartialEq, Eq)]
@ -81,7 +80,7 @@ fn list_domains(mut rpcenv: &mut dyn RpcEnvironment) -> Result<Vec<BasicRealmInf
        "comment": "Proxmox Backup authentication server",
    }))?);
-    let (config, digest) = config::domains::config()?;
+    let (config, digest) = pbs_config::domains::config()?;
    for (_, (section_type, v)) in config.sections.iter() {
        let mut entry = v.clone();
--- a/src/api2/access/openid.rs
+++ b/src/api2/access/openid.rs
@ -15,13 +15,13 @@ use proxmox_openid::{OpenIdAuthenticator,  OpenIdConfig};
 use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
 use pbs_tools::auth::private_auth_key;
 use pbs_tools::ticket::Ticket;
 use pbs_config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
 use crate::server::ticket::ApiTicket;
 use crate::config::domains::{OpenIdUserAttribute, OpenIdRealmConfig};
 use crate::config::cached_user_info::CachedUserInfo;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 use crate::api2::types::*;
 use crate::auth_helpers::*;
@ -88,7 +88,7 @@ pub fn openid_login(
    let (realm, private_auth_state) =
        OpenIdAuthenticator::verify_public_auth_state(PROXMOX_BACKUP_RUN_DIR_M!(), &state)?;
-    let (domains, _digest) = crate::config::domains::config()?;
+    let (domains, _digest) = pbs_config::domains::config()?;
    let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
    let open_id = openid_authenticator(&config, &redirect_url)?;
@ -182,7 +182,7 @@ fn openid_auth_url(
    _rpcenv: &mut dyn RpcEnvironment,
 ) -> Result<String, Error> {
-    let (domains, _digest) = crate::config::domains::config()?;
+    let (domains, _digest) = pbs_config::domains::config()?;
    let config: OpenIdRealmConfig = domains.lookup("openid", &realm)?;
    let open_id = openid_authenticator(&config, &redirect_url)?;
--- a/src/api2/access/user.rs
+++ b/src/api2/access/user.rs
@ -18,7 +18,7 @@ use crate::config::user;
 use crate::config::token_shadow;
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_PERMISSIONS_MODIFY};
 use crate::config::cached_user_info::CachedUserInfo;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 pub const PBS_PASSWORD_SCHEMA: Schema = StringSchema::new("User Password.")
    .format(&PASSWORD_FORMAT)
--- a/src/api2/config/access/openid.rs
+++ b/src/api2/config/access/openid.rs
@ -6,7 +6,7 @@ use ::serde::{Deserialize, Serialize};
 use proxmox::api::{api, Permission, Router, RpcEnvironment};
-use crate::config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
+use pbs_config::domains::{self, OpenIdRealmConfig, OpenIdRealmConfigUpdater};
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_REALM_ALLOCATE};
 use crate::api2::types::*;
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@ -10,6 +10,7 @@ use proxmox::api::schema::{ApiType, parse_property_string};
 use pbs_datastore::chunk_store::ChunkStore;
 use pbs_datastore::task::TaskState;
 use pbs_config::BackupLockGuard;
 use crate::api2::config::sync::delete_sync_job;
 use crate::api2::config::verify::delete_verification_job;
@ -19,7 +20,6 @@ use crate::api2::admin::{
    verify::list_verification_jobs,
 };
 use crate::api2::types::*;
 use crate::backup::BackupLockGuard;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::datastore::{self, DataStoreConfig, DataStoreConfigUpdater};
 use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
@ -68,7 +68,7 @@ pub(crate) fn do_create_datastore(
 ) -> Result<(), Error> {
    let path: PathBuf = datastore.path.clone().into();
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let _store = ChunkStore::create(&datastore.name, path, backup_user.uid, backup_user.gid, worker)?;
    config.set_data(&datastore.name, "datastore", &datastore)?;
--- a/src/api2/config/remote.rs
+++ b/src/api2/config/remote.rs
@ -11,7 +11,7 @@ use crate::api2::types::*;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::remote;
 use crate::config::acl::{PRIV_REMOTE_AUDIT, PRIV_REMOTE_MODIFY};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 #[api(
    input: {
--- a/src/api2/config/sync.rs
+++ b/src/api2/config/sync.rs
@ -17,7 +17,7 @@ use crate::config::acl::{
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::sync::{self, SyncJobConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 pub fn check_sync_job_read_access(
    user_info: &CachedUserInfo,
--- a/src/api2/config/tape_backup_job.rs
+++ b/src/api2/config/tape_backup_job.rs
@ -3,6 +3,7 @@ use serde_json::Value;
 use ::serde::{Deserialize, Serialize};
 use proxmox::api::{api, Router, RpcEnvironment, Permission};
 use pbs_config::open_backup_lockfile;
 use crate::{
    api2::types::{
@ -16,7 +17,6 @@ use crate::{
        MEDIA_POOL_NAME_SCHEMA,
        SYNC_SCHEDULE_SCHEMA,
    },
    backup::open_backup_lockfile,
    config::{
        self,
        cached_user_info::CachedUserInfo,
--- a/src/api2/config/tape_encryption_keys.rs
+++ b/src/api2/config/tape_encryption_keys.rs
@ -14,6 +14,7 @@ use proxmox::{
 use pbs_api_types::Fingerprint;
 use pbs_datastore::{KeyInfo, Kdf};
 use pbs_datastore::key_derivation::KeyConfig;
 use pbs_config::open_backup_lockfile;
 use crate::{
    config::{
@ -35,7 +36,6 @@ use crate::{
        PROXMOX_CONFIG_DIGEST_SCHEMA,
        PASSWORD_HINT_SCHEMA,
    },
    backup::open_backup_lockfile,
 };
 #[api(
--- a/src/api2/config/verify.rs
+++ b/src/api2/config/verify.rs
@ -13,7 +13,7 @@ use crate::config::acl::{
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::verify::{self, VerificationJobConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 #[api(
    input: {
--- a/src/api2/node/disks/directory.rs
+++ b/src/api2/node/disks/directory.rs
@ -17,7 +17,7 @@ use crate::server::WorkerTask;
 use crate::api2::types::*;
 use crate::config::datastore::{self, DataStoreConfig};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 #[api(
    properties: {
--- a/src/api2/node/network.rs
+++ b/src/api2/node/network.rs
@ -9,7 +9,7 @@ use crate::config::network::{self, NetworkConfig};
 use crate::config::acl::{PRIV_SYS_AUDIT, PRIV_SYS_MODIFY};
 use crate::api2::types::*;
 use crate::server::{WorkerTask};
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 fn split_interface_list(list: &str) -> Result<Vec<String>, Error> {
    let value = parse_property_string(&list, &NETWORK_INTERFACE_ARRAY_SCHEMA)?;
--- a/src/api2/types/mod.rs
+++ b/src/api2/types/mod.rs
@ -331,12 +331,6 @@ pub const BLOCKDEVICE_NAME_SCHEMA: Schema = StringSchema::new("Block device name
    .max_length(64)
    .schema();
 pub const REALM_ID_SCHEMA: Schema = StringSchema::new("Realm name.")
    .format(&PROXMOX_SAFE_ID_FORMAT)
    .min_length(2)
    .max_length(32)
    .schema();
 // Complex type definitions
 #[api(
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@ -95,7 +95,7 @@ pub fn generate_csrf_key() -> Result<(), Error> {
    use nix::sys::stat::Mode;
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    replace_file(
        &path,
@ -129,7 +129,7 @@ pub fn generate_auth_key() -> Result<(), Error> {
    let public_pem = rsa.public_key_to_pem()?;
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    replace_file(
        &public_path,
--- a/src/backup/datastore.rs
+++ b/src/backup/datastore.rs
@ -31,7 +31,7 @@ use pbs_tools::fs::{lock_dir_noblock, DirLockGuard};
 use crate::config::datastore::{self, DataStoreConfig};
 use crate::tools;
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 lazy_static! {
@ -700,7 +700,7 @@ impl DataStore {
                let mut path = self.base_path();
                path.push(".gc-status");
-                let backup_user = crate::backup::backup_user()?;
+                let backup_user = pbs_config::backup_user()?;
                let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
                // set the correct owner/group/permissions while saving file
                // owner(rw) = backup, group(r)= backup
--- a/src/backup/mod.rs
+++ b/src/backup/mod.rs
@ -1,24 +1,8 @@
 //! Server/client-specific parts for what's otherwise in pbs-datastore.
 use anyhow::{format_err, Error};
 // Note: .pcat1 => Proxmox Catalog Format version 1
 pub const CATALOG_NAME: &str = "catalog.pcat1.didx";
 pub use pbs_buildcfg::{BACKUP_USER_NAME, BACKUP_GROUP_NAME};
 /// Return User info for the 'backup' user (``getpwnam_r(3)``)
 pub fn backup_user() -> Result<nix::unistd::User, Error> {
    pbs_tools::sys::query_user(BACKUP_USER_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' user.", BACKUP_USER_NAME))
 }
 /// Return Group info for the 'backup' group (``getgrnam(3)``)
 pub fn backup_group() -> Result<nix::unistd::Group, Error> {
    pbs_tools::sys::query_group(BACKUP_GROUP_NAME)?
        .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
 }
 // Split
 mod read_chunk;
 pub use read_chunk::*;
@ -28,70 +12,3 @@ pub use datastore::*;
 mod verify;
 pub use verify::*;
 pub struct BackupLockGuard(std::fs::File);
 /// Open or create a lock file owned by user "backup" and lock it.
 ///
 /// Owner/Group of the file is set to backup/backup.
 /// File mode is 0660.
 /// Default timeout is 10 seconds.
 ///
 /// Note: This method needs to be called by user "root" or "backup".
 pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
    path: P,
    timeout: Option<std::time::Duration>,
    exclusive: bool,
 ) -> Result<BackupLockGuard, Error> {
    let user = backup_user()?;
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
        .owner(user.uid)
        .group(user.gid);
    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
    Ok(BackupLockGuard(file))
 }
 /// Atomically write data to file owned by "root:backup" with permission "0640"
 ///
 /// Only the superuser can write those files, but group 'backup' can read them.
 pub fn replace_backup_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
 ) -> Result<(), Error> {
    let backup_user = backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= backup
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(backup_user.gid);
    proxmox::tools::fs::replace_file(path, data, options)?;
    Ok(())
 }
 /// Atomically write data to file owned by "root:root" with permission "0600"
 ///
 /// Only the superuser can read and write those files.
 pub fn replace_secret_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
 ) -> Result<(), Error> {
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= root
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(nix::unistd::Gid::from_raw(0));
    proxmox::tools::fs::replace_file(path, data, options)?;
    Ok(())
 }
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@ -53,8 +53,8 @@ use proxmox_backup::server::do_prune_job;
 fn main() -> Result<(), Error> {
    proxmox_backup::tools::setup_safe_path_env();
-    let backup_uid = proxmox_backup::backup::backup_user()?.uid;
+    let backup_uid = pbs_config::backup_user()?.uid;
-    let backup_gid = proxmox_backup::backup::backup_group()?.gid;
+    let backup_gid = pbs_config::backup_group()?.gid;
    let running_uid = nix::unistd::Uid::effective();
    let running_gid = nix::unistd::Gid::effective();
--- a/src/bin/proxmox_backup_manager/openid.rs
+++ b/src/bin/proxmox_backup_manager/openid.rs
@ -3,7 +3,9 @@ use serde_json::Value;
 use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};
-use proxmox_backup::{config, api2, api2::types::REALM_ID_SCHEMA};
+use pbs_api_types::REALM_ID_SCHEMA;
 use proxmox_backup::api2;
 #[api(
@ -73,25 +75,25 @@ pub fn openid_commands() -> CommandLineInterface {
        .insert("list", CliCommand::new(&&API_METHOD_LIST_OPENID_REALMS))
        .insert("show", CliCommand::new(&&API_METHOD_SHOW_OPENID_REALM)
                .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
        )
        .insert("create",
                CliCommand::new(&api2::config::access::openid::API_METHOD_CREATE_OPENID_REALM)
                .arg_param(&["realm"])
                .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
        )
        .insert("update",
                CliCommand::new(&api2::config::access::openid::API_METHOD_UPDATE_OPENID_REALM)
                .arg_param(&["realm"])
                .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
        )
        .insert("delete",
                CliCommand::new(&api2::config::access::openid::API_METHOD_DELETE_OPENID_REALM)
                .arg_param(&["realm"])
                .arg_param(&["realm"])
-                .completion_cb("realm", config::domains::complete_openid_realm_name)
+                .completion_cb("realm", pbs_config::domains::complete_openid_realm_name)
        )
        ;
--- a/src/bin/sg-tape-cmd.rs
+++ b/src/bin/sg-tape-cmd.rs
@ -142,8 +142,8 @@ fn set_encryption(
 fn main() -> Result<(), Error> {
    // check if we are user root or backup
-    let backup_uid = proxmox_backup::backup::backup_user()?.uid;
+    let backup_uid = pbs_config::backup_user()?.uid;
-    let backup_gid = proxmox_backup::backup::backup_group()?.gid;
+    let backup_gid = pbs_config::backup_group()?.gid;
    let running_uid = nix::unistd::Uid::current();
    let running_gid = nix::unistd::Gid::current();
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@ -911,7 +911,7 @@ pub fn save_config(acl: &AclTree) -> Result<(), Error> {
    acl.write_config(&mut raw)?;
-    crate::backup::replace_backup_config(ACL_CFG_FILENAME, &raw)
+    pbs_config::replace_backup_config(ACL_CFG_FILENAME, &raw)
 }
 #[cfg(test)]
--- a/src/config/acme/plugin.rs
+++ b/src/config/acme/plugin.rs
@ -9,8 +9,8 @@ use proxmox::api::{
    section_config::{SectionConfig, SectionConfigData, SectionConfigPlugin},
 };
-use crate::api2::types::PROXMOX_SAFE_ID_FORMAT;
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_api_types::PROXMOX_SAFE_ID_FORMAT;
 pub const PLUGIN_ID_SCHEMA: Schema = StringSchema::new("ACME Challenge Plugin ID.")
    .format(&PROXMOX_SAFE_ID_FORMAT)
@ -162,7 +162,7 @@ pub fn config() -> Result<(PluginData, [u8; 32]), Error> {
 pub fn save_config(config: &PluginData) -> Result<(), Error> {
    super::make_acme_dir()?;
    let raw = CONFIG.write(ACME_PLUGIN_CFG_FILENAME, &config.data)?;
-    crate::backup::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(ACME_PLUGIN_CFG_FILENAME, raw.as_bytes())
 }
 pub struct PluginData {
--- a/src/config/datastore.rs
+++ b/src/config/datastore.rs
@ -13,8 +13,9 @@ use proxmox::api::{
    }
 };
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::api2::types::*;
 use crate::backup::{open_backup_lockfile, BackupLockGuard};
 lazy_static! {
    pub static ref CONFIG: SectionConfig = init();
@ -152,7 +153,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(DATASTORE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(DATASTORE_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/config/drive.rs
+++ b/src/config/drive.rs
@ -27,8 +27,9 @@ use proxmox::{
    },
 };
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::{
    backup::{open_backup_lockfile, BackupLockGuard},
    api2::types::{
        DRIVE_NAME_SCHEMA,
        VirtualTapeDrive,
@ -93,7 +94,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 /// Save the configuration file
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(DRIVE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(DRIVE_CFG_FILENAME, raw.as_bytes())
 }
 /// Check if the specified drive name exists in the config.
--- a/src/config/media_pool.rs
+++ b/src/config/media_pool.rs
@ -22,8 +22,9 @@ use proxmox::{
    },
 };
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::{
    backup::{open_backup_lockfile, BackupLockGuard},
    api2::types::{
        MEDIA_POOL_NAME_SCHEMA,
        MediaPoolConfig,
@ -72,7 +73,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 /// Save the configuration file
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(MEDIA_POOL_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(MEDIA_POOL_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/config/mod.rs
+++ b/src/config/mod.rs
@ -30,7 +30,6 @@ pub mod drive;
 pub mod media_pool;
 pub mod tape_encryption_keys;
 pub mod tape_job;
 pub mod domains;
 /// Check configuration directory permissions
 ///
@ -40,7 +39,7 @@ pub mod domains;
 pub fn check_configdir_permissions() -> Result<(), Error> {
    let cfgdir = pbs_buildcfg::CONFIGDIR;
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let backup_uid = backup_user.uid.as_raw();
    let backup_gid = backup_user.gid.as_raw();
@ -85,7 +84,7 @@ pub fn create_configdir() -> Result<(), Error> {
        ),
    }
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    nix::unistd::chown(cfgdir, Some(backup_user.uid), Some(backup_user.gid))
        .map_err(|err| {
@ -197,9 +196,9 @@ pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(
    let cert_path = PathBuf::from(configdir!("/proxy.pem"));
    create_configdir()?;
-    crate::backup::replace_backup_config(&key_path, key_pem)
+    pbs_config::replace_backup_config(&key_path, key_pem)
        .map_err(|err| format_err!("error writing certificate private key - {}", err))?;
-    crate::backup::replace_backup_config(&cert_path, &cert_pem)
+    pbs_config::replace_backup_config(&cert_path, &cert_pem)
        .map_err(|err| format_err!("error writing certificate file - {}", err))?;
    Ok(())
--- a/src/config/node.rs
+++ b/src/config/node.rs
@ -9,8 +9,8 @@ use proxmox::api::schema::{ApiStringFormat, ApiType, Updater};
 use proxmox_http::ProxyConfig;
 use pbs_buildcfg::configdir;
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::backup::{open_backup_lockfile, BackupLockGuard};
 use crate::acme::AcmeClient;
 use crate::api2::types::{
    AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
@ -39,7 +39,7 @@ pub fn save_config(config: &NodeConfig) -> Result<(), Error> {
    config.validate()?;
    let raw = crate::tools::config::to_bytes(config, &NodeConfig::API_SCHEMA)?;
-    crate::backup::replace_backup_config(CONF_FILE, &raw)
+    pbs_config::replace_backup_config(CONF_FILE, &raw)
 }
 #[api(
--- a/src/config/remote.rs
+++ b/src/config/remote.rs
@ -122,7 +122,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(REMOTE_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(REMOTE_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/config/sync.rs
+++ b/src/config/sync.rs
@ -118,7 +118,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(SYNC_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(SYNC_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/config/tape_encryption_keys.rs
+++ b/src/config/tape_encryption_keys.rs
@ -19,7 +19,7 @@ use proxmox::tools::fs::file_read_optional_string;
 use pbs_api_types::Fingerprint;
 use pbs_datastore::key_derivation::KeyConfig;
-use crate::backup::open_backup_lockfile;
+use pbs_config::{open_backup_lockfile, replace_secret_config};
 mod hex_key {
    use serde::{self, Deserialize, Serializer, Deserializer};
@ -135,7 +135,7 @@ pub fn save_keys(map: HashMap<Fingerprint, EncryptionKeyInfo>) -> Result<(), Err
    }
    let raw = serde_json::to_string_pretty(&list)?;
-    crate::backup::replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
+    replace_secret_config(TAPE_KEYS_FILENAME, raw.as_bytes())
 }
 /// Store tape encryption key configurations (password protected keys)
@ -148,7 +148,7 @@ pub fn save_key_configs(map: HashMap<Fingerprint, KeyConfig>) -> Result<(), Erro
    }
    let raw = serde_json::to_string_pretty(&list)?;
-    crate::backup::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(TAPE_KEY_CONFIG_FILENAME, raw.as_bytes())
 }
 /// Insert a new key
--- a/src/config/tape_job.rs
+++ b/src/config/tape_job.rs
@ -160,7 +160,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(TAPE_JOB_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(TAPE_JOB_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/config/tfa.rs
+++ b/src/config/tfa.rs
@ -26,9 +26,9 @@ use proxmox::tools::uuid::Uuid;
 use proxmox::tools::AsHex;
 use pbs_buildcfg::configdir;
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::api2::types::Userid;
 use crate::backup::{open_backup_lockfile, BackupLockGuard};
 /// Mapping of userid to TFA entry.
 pub type TfaUsers = HashMap<Userid, TfaUserData>;
--- a/src/config/token_shadow.rs
+++ b/src/config/token_shadow.rs
@ -8,7 +8,7 @@ use proxmox::tools::fs::CreateOptions;
 use crate::api2::types::Authid;
 use crate::auth;
-use crate::backup::open_backup_lockfile;
+use pbs_config::open_backup_lockfile;
 const LOCK_FILE: &str = pbs_buildcfg::configdir!("/token.shadow.lock");
 const CONF_FILE: &str = pbs_buildcfg::configdir!("/token.shadow");
@ -33,7 +33,7 @@ fn read_file() -> Result<HashMap<Authid, String>, Error> {
 }
 fn write_file(data: HashMap<Authid, String>) -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let options = CreateOptions::new()
        .perm(nix::sys::stat::Mode::from_bits_truncate(0o0640))
        .owner(backup_user.uid)
--- a/src/config/user.rs
+++ b/src/config/user.rs
@ -119,7 +119,7 @@ pub fn cached_config() -> Result<Arc<SectionConfigData>, Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(USER_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
+    pbs_config::replace_backup_config(USER_CFG_FILENAME, raw.as_bytes())?;
    // increase user cache generation
    // We use this in CachedUserInfo
--- a/src/config/verify.rs
+++ b/src/config/verify.rs
@ -116,7 +116,7 @@ pub fn config() -> Result<(SectionConfigData, [u8;32]), Error> {
 pub fn save_config(config: &SectionConfigData) -> Result<(), Error> {
    let raw = CONFIG.write(VERIFICATION_CFG_FILENAME, &config)?;
-    crate::backup::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
+    pbs_config::replace_backup_config(VERIFICATION_CFG_FILENAME, raw.as_bytes())
 }
 // shell completion helper
--- a/src/rrd/cache.rs
+++ b/src/rrd/cache.rs
@ -22,7 +22,7 @@ lazy_static!{
 /// Create rrdd stat dir with correct permission
 pub fn create_rrdb_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let opts = CreateOptions::new()
        .owner(backup_user.uid)
        .group(backup_user.gid);
--- a/src/rrd/rrd.rs
+++ b/src/rrd/rrd.rs
@ -303,7 +303,7 @@ impl RRD {
            std::slice::from_raw_parts(self as *const _ as *const u8, std::mem::size_of::<RRD>())
        };
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
        // set the correct owner/group/permissions while saving file
        // owner(rw) = backup, group(r)= backup
--- a/src/server/command_socket.rs
+++ b/src/server/command_socket.rs
@ -19,7 +19,7 @@ where
 {
    let path: PathBuf = path.into();
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let backup_gid = backup_user.gid.as_raw();
    let socket = UnixListener::bind(&path)?;
--- a/src/server/config.rs
+++ b/src/server/config.rs
@ -142,7 +142,7 @@ impl ApiConfig {
        let path: PathBuf = path.into();
        if let Some(base) = path.parent() {
            if !base.exists() {
-                let backup_user = crate::backup::backup_user()?;
+                let backup_user = pbs_config::backup_user()?;
                let opts = CreateOptions::new().owner(backup_user.uid).group(backup_user.gid);
                create_path(base, None, Some(opts)).map_err(|err| format_err!("{}", err))?;
            }
--- a/src/server/jobstate.rs
+++ b/src/server/jobstate.rs
@ -47,9 +47,9 @@ use proxmox::tools::fs::{
 };
 use pbs_systemd::time::{compute_next_event, parse_calendar_event};
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::{
    backup::{open_backup_lockfile, BackupLockGuard},
    api2::types::JobScheduleStatus,
    server::{
        UPID,
@ -88,7 +88,7 @@ const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
 /// Create jobstate stat dir with correct permission
 pub fn create_jobstate_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let opts = CreateOptions::new()
        .owner(backup_user.uid)
        .group(backup_user.gid);
@ -299,7 +299,7 @@ impl Job {
        let serialized = serde_json::to_string(&self.state)?;
        let path = get_path(&self.jobtype, &self.jobname);
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
        // set the correct owner/group/permissions while saving file
        // owner(rw) = backup, group(r)= backup
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@ -116,7 +116,7 @@ pub(crate) async fn notify_datastore_removed() -> Result<(), Error> {
 /// This exists to fixate the permissions for the run *base* directory while allowing intermediate
 /// directories after it to have different permissions.
 pub fn create_run_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let opts = CreateOptions::new()
        .owner(backup_user.uid)
        .group(backup_user.gid);
--- a/src/server/worker_task.rs
+++ b/src/server/worker_task.rs
@ -24,7 +24,7 @@ use super::{UPID, UPIDExt};
 use crate::server;
 use crate::tools::{FileLogger, FileLogOptions};
 use crate::api2::types::{Authid, TaskStateType};
-use crate::backup::{open_backup_lockfile, BackupLockGuard};
+use pbs_config::{open_backup_lockfile, BackupLockGuard};
 macro_rules! taskdir {
    ($subdir:expr) => (concat!(pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!(), "/tasks", $subdir))
@ -159,7 +159,7 @@ fn parse_worker_status_line(line: &str) -> Result<(String, UPID, Option<TaskStat
 pub fn create_task_log_dirs() -> Result<(), Error> {
    try_block!({
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        let opts = CreateOptions::new()
            .owner(backup_user.uid)
            .group(backup_user.gid);
@ -354,7 +354,7 @@ pub fn rotate_task_log_archive(size_threshold: u64, compress: bool, max_files: O
 // new_upid is added to the list when specified.
 fn update_active_workers(new_upid: Option<&UPID>) -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let lock = lock_task_list_files(true)?;
@ -611,7 +611,7 @@ impl WorkerTask {
        path.push(format!("{:02X}", upid.pstart & 255));
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        create_path(&path, None, Some(CreateOptions::new().owner(backup_user.uid).group(backup_user.gid)))?;
--- a/src/tape/changer/mod.rs
+++ b/src/tape/changer/mod.rs
@ -483,7 +483,7 @@ fn save_changer_state_cache(
    let state = serde_json::to_string_pretty(state)?;
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
    let options = CreateOptions::new()
        .perm(mode)
--- a/src/tape/drive/mod.rs
+++ b/src/tape/drive/mod.rs
@ -553,7 +553,7 @@ pub fn set_tape_device_state(
    let mut path = PathBuf::from(crate::tape::DRIVE_STATE_DIR);
    path.push(drive);
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
    let options = CreateOptions::new()
        .perm(mode)
@ -612,7 +612,7 @@ fn open_device_lock(device_path: &str) -> Result<std::fs::File, Error> {
    let mut path = std::path::PathBuf::from(crate::tape::DRIVE_LOCK_DIR);
    path.push(lock_name);
-    let user = crate::backup::backup_user()?;
+    let user = pbs_config::backup_user()?;
    let options = CreateOptions::new()
        .perm(Mode::from_bits_truncate(0o660))
        .owner(user.uid)
--- a/src/tape/inventory.rs
+++ b/src/tape/inventory.rs
@ -40,6 +40,7 @@ use proxmox::tools::{
 };
 use pbs_systemd::time::compute_next_event;
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use crate::{
    api2::types::{
@ -48,7 +49,6 @@ use crate::{
        MediaStatus,
        MediaLocation,
    },
    backup::{open_backup_lockfile, BackupLockGuard},
    tape::{
        TAPE_STATUS_DIR,
        MediaSet,
@ -174,7 +174,7 @@ impl Inventory {
            // We cannot use chown inside test environment (no permissions)
            CreateOptions::new().perm(mode)
        } else {
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
            CreateOptions::new()
                .perm(mode)
                .owner(backup_user.uid)
--- a/src/tape/media_catalog.rs
+++ b/src/tape/media_catalog.rs
@ -183,7 +183,7 @@ impl MediaCatalog {
    }
    fn create_basedir(base_path: &Path) -> Result<(), Error> {
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
        let opts = CreateOptions::new()
            .perm(mode)
@ -217,7 +217,7 @@ impl MediaCatalog {
                .create(create)
                .open(&path)?;
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
            fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
                .map_err(|err| format_err!("fchown failed - {}", err))?;
@ -275,7 +275,7 @@ impl MediaCatalog {
            return Ok(file);
        }
-        let backup_user = crate::backup::backup_user()?;
+        let backup_user = pbs_config::backup_user()?;
        fchown(file.as_raw_fd(), Some(backup_user.uid), Some(backup_user.gid))
            .map_err(|err| format_err!("fchown failed - {}", err))?;
--- a/src/tape/media_catalog_cache.rs
+++ b/src/tape/media_catalog_cache.rs
@ -91,7 +91,7 @@ fn write_snapshot_cache(
        }
    }
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    let options = CreateOptions::new()
        .perm(mode)
--- a/src/tape/media_pool.rs
+++ b/src/tape/media_pool.rs
@ -16,9 +16,9 @@ use proxmox::tools::Uuid;
 use pbs_api_types::Fingerprint;
 use pbs_systemd::time::compute_next_event;
 use pbs_config::BackupLockGuard;
 use crate::{
    backup::BackupLockGuard,
    api2::types::{
        MediaStatus,
        MediaLocation,
--- a/src/tape/mod.rs
+++ b/src/tape/mod.rs
@ -71,7 +71,7 @@ pub const COMMIT_BLOCK_SIZE: usize = 128*1024*1024*1024; // 128 GiB
 /// Create tape status dir with correct permission
 pub fn create_tape_status_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
    let options = CreateOptions::new()
        .perm(mode)
@ -86,7 +86,7 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
 /// Create drive lock dir with correct permission
 pub fn create_drive_lock_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
    let options = CreateOptions::new()
        .perm(mode)
@ -101,7 +101,7 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
 /// Create drive state dir with correct permission
 pub fn create_drive_state_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
    let options = CreateOptions::new()
        .perm(mode)
@ -116,7 +116,7 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
 /// Create changer state cache dir with correct permission
 pub fn create_changer_state_dir() -> Result<(), Error> {
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0750);
    let options = CreateOptions::new()
        .perm(mode)
--- a/src/tools/file_logger.rs
+++ b/src/tools/file_logger.rs
@ -91,7 +91,7 @@ impl FileLogger {
            .open(&file_name)?;
        if options.owned_by_backup {
-            let backup_user = crate::backup::backup_user()?;
+            let backup_user = pbs_config::backup_user()?;
            nix::unistd::chown(file_name.as_ref(), Some(backup_user.uid), Some(backup_user.gid))?;
        }
--- a/src/tools/memcom.rs
+++ b/src/tools/memcom.rs
@ -38,7 +38,7 @@ impl Memcom {
    // Actual work of `new`:
    fn open() -> Result<Arc<Self>, Error> {
-        let user = crate::backup::backup_user()?;
+        let user = pbs_config::backup_user()?;
        let options = CreateOptions::new()
            .perm(Mode::from_bits_truncate(0o660))
            .owner(user.uid)
--- a/src/tools/subscription.rs
+++ b/src/tools/subscription.rs
@ -304,7 +304,7 @@ pub fn write_subscription(info: SubscriptionInfo) -> Result<(), Error> {
        format!("{}\n{}\n{}\n", info.key.unwrap(), csum, encoded)
    };
-    let backup_user = crate::backup::backup_user()?;
+    let backup_user = pbs_config::backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    let file_opts = CreateOptions::new()
        .perm(mode)