restore daemon: setup backup system user and group

now required as we always enforce lock files to be owned by the backup user, and the restore code uses such code indirectly as the REST server module is reused from proxmox-backup-server. Once that is refactored out we may do away such things, but until then we need to have a somewhat complete system env. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-23 08:19:35 +02:00 · 2021-07-23 08:19:35 +02:00 · 9edf96e6b6
parent 73e1ba65ca
commit 9edf96e6b6
1 changed files with 15 additions and 0 deletions
--- a/src/bin/proxmox-restore-daemon.rs
+++ b/src/bin/proxmox-restore-daemon.rs
@ -18,6 +18,9 @@ use pbs_client::DEFAULT_VSOCK_PORT;
 use proxmox::api::RpcEnvironmentType;
 use proxmox_backup::server::{rest::*, ApiConfig};

+use std::fs::File;
+use std::io::prelude::*;
+
 mod proxmox_restore_daemon;
 use proxmox_restore_daemon::*;

@ -70,6 +73,18 @@ fn setup_system_env() -> Result<(), Error> {
    // we do not care much, but it's way less headache to just create it
    std::fs::create_dir_all("/run/proxmox-backup")?;

+    // we now ensure that all lock files are owned by the backup user, and as we reuse the
+    // specialized REST module from pbs api/daemon we have some checks there for user/acl stuff
+    // that gets locked, and thus needs the backup system user to work.
+    std::fs::create_dir_all("/etc")?;
+    let mut passwd = File::create("/etc/passwd")?;
+    writeln!(passwd, "root:x:0:0:root:/root:/bin/sh")?;
+    writeln!(passwd, "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin")?;
+
+    let mut group = File::create("/etc/group")?;
+    writeln!(group, "root:x:0:")?;
+    writeln!(group, "backup:x:34:")?;
+
    Ok(())
 }