From 9edf96e6b6fdc190e0bb952bfe2e4c1357dc772f Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Fri, 23 Jul 2021 08:19:35 +0200 Subject: [PATCH] restore daemon: setup backup system user and group now required as we always enforce lock files to be owned by the backup user, and the restore code uses such code indirectly as the REST server module is reused from proxmox-backup-server. Once that is refactored out we may do away such things, but until then we need to have a somewhat complete system env. Signed-off-by: Thomas Lamprecht --- src/bin/proxmox-restore-daemon.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/bin/proxmox-restore-daemon.rs b/src/bin/proxmox-restore-daemon.rs index 5456bd23..50f58d78 100644 --- a/src/bin/proxmox-restore-daemon.rs +++ b/src/bin/proxmox-restore-daemon.rs @@ -18,6 +18,9 @@ use pbs_client::DEFAULT_VSOCK_PORT; use proxmox::api::RpcEnvironmentType; use proxmox_backup::server::{rest::*, ApiConfig}; +use std::fs::File; +use std::io::prelude::*; + mod proxmox_restore_daemon; use proxmox_restore_daemon::*; @@ -70,6 +73,18 @@ fn setup_system_env() -> Result<(), Error> { // we do not care much, but it's way less headache to just create it std::fs::create_dir_all("/run/proxmox-backup")?; + // we now ensure that all lock files are owned by the backup user, and as we reuse the + // specialized REST module from pbs api/daemon we have some checks there for user/acl stuff + // that gets locked, and thus needs the backup system user to work. + std::fs::create_dir_all("/etc")?; + let mut passwd = File::create("/etc/passwd")?; + writeln!(passwd, "root:x:0:0:root:/root:/bin/sh")?; + writeln!(passwd, "backup:x:34:34:backup:/var/backups:/usr/sbin/nologin")?; + + let mut group = File::create("/etc/group")?; + writeln!(group, "root:x:0:")?; + writeln!(group, "backup:x:34:")?; + Ok(()) }