restore daemon: setup backup system user and group

now required as we always enforce lock files to be owned by the
backup user, and the restore code uses such code indirectly as the
REST server module is reused from proxmox-backup-server. Once that is
refactored out we may do away such things, but until then we need to
have a somewhat complete system env.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2021-07-23 08:19:35 +02:00
parent 73e1ba65ca
commit 9edf96e6b6

View File

@ -18,6 +18,9 @@ use pbs_client::DEFAULT_VSOCK_PORT;
use proxmox::api::RpcEnvironmentType;
use proxmox_backup::server::{rest::*, ApiConfig};
use std::fs::File;
use std::io::prelude::*;
mod proxmox_restore_daemon;
use proxmox_restore_daemon::*;
@ -70,6 +73,18 @@ fn setup_system_env() -> Result<(), Error> {
// we do not care much, but it's way less headache to just create it
std::fs::create_dir_all("/run/proxmox-backup")?;
// we now ensure that all lock files are owned by the backup user, and as we reuse the
// specialized REST module from pbs api/daemon we have some checks there for user/acl stuff
// that gets locked, and thus needs the backup system user to work.
std::fs::create_dir_all("/etc")?;
let mut passwd = File::create("/etc/passwd")?;
writeln!(passwd, "root:x:0:0:root:/root:/bin/sh")?;
writeln!(passwd, "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin")?;
let mut group = File::create("/etc/group")?;
writeln!(group, "root:x:0:")?;
writeln!(group, "backup:x:34:")?;
Ok(())
}