From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v2 5/5] fix #7642: avoid expensive user lookups on file locking
Date: Wed, 1 Jul 2026 11:46:42 +0200 [thread overview]
Message-ID: <20260701094642.23895-6-c.ebner@proxmox.com> (raw)
In-Reply-To: <20260701094642.23895-1-c.ebner@proxmox.com>
Currently each time a backup lock file is being acquired, the backup
user is looked in order to instantiate the create options used if the
lock file is not pre-existing, which requires knowledge of the uid
and gid. backup_user() internally however calls User::from_name(),
which itself uses getpwnam_r(3) [0] and therefore can involve
nsswitch.conf and /etc/passwd parsing, including several syscalls to
do so (see backtrace in linked issue).
Ideally proxmox_product_config::open_api_lockfile() would be used as
drop in replacement for open_backup_lockfile(), which is however not
possible until the currently required legacy locking fallback
implementation remains in place (to be dropped with PBS 5).
Therefore, only switch to
proxmox_product_config::lockfile_create_options() for the time being.
By this the api user as read on init is used for all file lock
operations using this helper.
[0] https://docs.rs/nix/0.29.0/nix/unistd/struct.User.html#method.from_name
Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7642
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-config/src/lib.rs | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs
index b9d5a4d20..73a8a87fa 100644
--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@@ -4,6 +4,7 @@ use anyhow::{Error, bail, format_err};
use hex::FromHex;
use nix::unistd::{Gid, Group, Uid, User};
+use proxmox_product_config::lockfile_create_options;
use proxmox_sys::fs::DirLockGuard;
pub use pbs_buildcfg::{BACKUP_GROUP_NAME, BACKUP_USER_NAME};
@@ -106,11 +107,9 @@ pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
timeout: Option<std::time::Duration>,
exclusive: bool,
) -> Result<BackupLockGuard, Error> {
- let user = backup_user()?;
- let options = proxmox_sys::fs::CreateOptions::new()
- .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
- .owner(user.uid)
- .group(user.gid);
+ // TODO: Replace whole helper with proxmox_product_config::open_api_lockfile() when
+ // dropping _legacy_dir in in PBS5.
+ let options = lockfile_create_options();
let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));
--
2.47.3
next prev parent reply other threads:[~2026-07-01 9:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 9:46 [PATCH proxmox-backup v2 0/5] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner
2026-07-01 9:46 ` [PATCH proxmox-backup v2 1/5] bin: api: early init proxmox-product-config Christian Ebner
2026-07-01 9:46 ` [PATCH proxmox-backup v2 2/5] bin: daily update: refactor to use proxmox-product-config Christian Ebner
2026-07-01 9:46 ` [PATCH proxmox-backup v2 3/5] pbs-config: use proxmox-product-config::replace_secret_config() Christian Ebner
2026-07-01 9:46 ` [PATCH proxmox-backup v2 4/5] pbs-config: use proxmox-product-config::replace_config() Christian Ebner
2026-07-01 9:46 ` Christian Ebner [this message]
2026-07-01 14:06 ` superseded: [PATCH proxmox-backup v2 0/5] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701094642.23895-6-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.