* [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli
@ 2024-04-30 15:37 Christian Ebner
2024-05-02 9:25 ` Gabriel Goller
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Christian Ebner @ 2024-04-30 15:37 UTC (permalink / raw)
To: pbs-devel
The .pxarexclude-cli encodes the exclude patterns the client was
invoked with in the pxar archive as regular file entry. The current
behaviour of setting the uid and gid to default 0 (root) causes
however issues when trying to backup and restore the backup as
non-root user.
Opt for using the uid/gid of the user the executable was called as,
allowing the restore for this user to succeed. Root will succeed
to restore anyways.
Link to issue in bugtracker:
https://bugzilla.proxmox.com/show_bug.cgi?id=5304
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-client/src/pxar/create.rs | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
index 60efb0ce5..a5afde7af 100644
--- a/pbs-client/src/pxar/create.rs
+++ b/pbs-client/src/pxar/create.rs
@@ -404,6 +404,10 @@ impl Archiver {
let mut metadata = Metadata::default();
metadata.stat.mode = pxar::format::mode::IFREG | 0o600;
+ // use uid/gid of client process so the backup snapshot might be restored by the same
+ // potentially non-root user
+ metadata.stat.uid = unsafe { libc::getuid() };
+ metadata.stat.gid = unsafe { libc::getgid() };
let mut file = encoder
.create_file(&metadata, ".pxarexclude-cli", content.len() as u64)
--
2.39.2
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli
2024-04-30 15:37 [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli Christian Ebner
@ 2024-05-02 9:25 ` Gabriel Goller
2024-06-13 11:05 ` Christian Ebner
2024-07-02 8:52 ` [pbs-devel] applied: " Fabian Grünbichler
2 siblings, 0 replies; 4+ messages in thread
From: Gabriel Goller @ 2024-05-02 9:25 UTC (permalink / raw)
To: Proxmox Backup Server development discussion
On Tue Apr 30, 2024 at 5:37 PM CEST, Christian Ebner wrote:
> The .pxarexclude-cli encodes the exclude patterns the client was
> invoked with in the pxar archive as regular file entry. The current
> behaviour of setting the uid and gid to default 0 (root) causes
> however issues when trying to backup and restore the backup as
> non-root user.
>
> Opt for using the uid/gid of the user the executable was called as,
> allowing the restore for this user to succeed. Root will succeed
> to restore anyways.
>
> Link to issue in bugtracker:
> https://bugzilla.proxmox.com/show_bug.cgi?id=5304
>
> Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
> ---
> pbs-client/src/pxar/create.rs | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
> index 60efb0ce5..a5afde7af 100644
> --- a/pbs-client/src/pxar/create.rs
> +++ b/pbs-client/src/pxar/create.rs
> @@ -404,6 +404,10 @@ impl Archiver {
>
> let mut metadata = Metadata::default();
> metadata.stat.mode = pxar::format::mode::IFREG | 0o600;
> + // use uid/gid of client process so the backup snapshot might be restored by the same
> + // potentially non-root user
> + metadata.stat.uid = unsafe { libc::getuid() };
> + metadata.stat.gid = unsafe { libc::getgid() };
>
> let mut file = encoder
> .create_file(&metadata, ".pxarexclude-cli", content.len() as u64)
This is a good addition, ran into this myself a few times. The chown
fails and throws an error although the pxarexclude file is correctly
restored (albeit with the current user's permission).
Consider:
Tested-by: Gabriel Goller <g.goller@proxmox.com>
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli
2024-04-30 15:37 [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli Christian Ebner
2024-05-02 9:25 ` Gabriel Goller
@ 2024-06-13 11:05 ` Christian Ebner
2024-07-02 8:52 ` [pbs-devel] applied: " Fabian Grünbichler
2 siblings, 0 replies; 4+ messages in thread
From: Christian Ebner @ 2024-06-13 11:05 UTC (permalink / raw)
To: pbs-devel
Ping, still applies
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* [pbs-devel] applied: [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli
2024-04-30 15:37 [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli Christian Ebner
2024-05-02 9:25 ` Gabriel Goller
2024-06-13 11:05 ` Christian Ebner
@ 2024-07-02 8:52 ` Fabian Grünbichler
2 siblings, 0 replies; 4+ messages in thread
From: Fabian Grünbichler @ 2024-07-02 8:52 UTC (permalink / raw)
To: Proxmox Backup Server development discussion
On April 30, 2024 5:37 pm, Christian Ebner wrote:
> The .pxarexclude-cli encodes the exclude patterns the client was
> invoked with in the pxar archive as regular file entry. The current
> behaviour of setting the uid and gid to default 0 (root) causes
> however issues when trying to backup and restore the backup as
> non-root user.
>
> Opt for using the uid/gid of the user the executable was called as,
> allowing the restore for this user to succeed. Root will succeed
> to restore anyways.
>
> Link to issue in bugtracker:
> https://bugzilla.proxmox.com/show_bug.cgi?id=5304
>
> Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
> ---
> pbs-client/src/pxar/create.rs | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/pbs-client/src/pxar/create.rs b/pbs-client/src/pxar/create.rs
> index 60efb0ce5..a5afde7af 100644
> --- a/pbs-client/src/pxar/create.rs
> +++ b/pbs-client/src/pxar/create.rs
> @@ -404,6 +404,10 @@ impl Archiver {
>
> let mut metadata = Metadata::default();
> metadata.stat.mode = pxar::format::mode::IFREG | 0o600;
> + // use uid/gid of client process so the backup snapshot might be restored by the same
> + // potentially non-root user
> + metadata.stat.uid = unsafe { libc::getuid() };
> + metadata.stat.gid = unsafe { libc::getgid() };
>
> let mut file = encoder
> .create_file(&metadata, ".pxarexclude-cli", content.len() as u64)
> --
> 2.39.2
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>
>
>
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-07-02 8:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-30 15:37 [pbs-devel] [PATCH proxmox-backup] fix 5304: client: set process uid/gid for .pxarexclude-cli Christian Ebner
2024-05-02 9:25 ` Gabriel Goller
2024-06-13 11:05 ` Christian Ebner
2024-07-02 8:52 ` [pbs-devel] applied: " Fabian Grünbichler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal