From: Christian Ebner <c.ebner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup v3 07/15] pbs-config: drop backup_group helper, use users gid instead
Date: Wed, 1 Jul 2026 16:04:04 +0200 [thread overview]
Message-ID: <20260701140412.200920-8-c.ebner@proxmox.com> (raw)
In-Reply-To: <20260701140412.200920-1-c.ebner@proxmox.com>
Use the gid as reported for the backup user, which matches the
`backup` group anyways. By this it is possible to use the user
provided via proxmox-product-config::get_api_user() for chunk store
operations instead, avoiding expensive user/group lookups.
Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
---
pbs-config/src/lib.rs | 12 +-----------
pbs-datastore/Cargo.toml | 1 +
pbs-datastore/src/chunk_store.rs | 27 +++++++++++++--------------
src/bin/proxmox-backup-proxy.rs | 5 +++--
src/bin/sg-tape-cmd.rs | 5 +++--
5 files changed, 21 insertions(+), 29 deletions(-)
diff --git a/pbs-config/src/lib.rs b/pbs-config/src/lib.rs
index 73a8a87fa..e2b74f8a8 100644
--- a/pbs-config/src/lib.rs
+++ b/pbs-config/src/lib.rs
@@ -2,7 +2,7 @@ use std::os::unix::prelude::AsRawFd;
use anyhow::{Error, bail, format_err};
use hex::FromHex;
-use nix::unistd::{Gid, Group, Uid, User};
+use nix::unistd::{Uid, User};
use proxmox_product_config::lockfile_create_options;
use proxmox_sys::fs::DirLockGuard;
@@ -44,16 +44,6 @@ pub fn backup_user() -> Result<nix::unistd::User, Error> {
}
}
-/// Return Group info for the 'backup' group (``getgrnam(3)``)
-pub fn backup_group() -> Result<nix::unistd::Group, Error> {
- if cfg!(test) {
- Ok(Group::from_gid(Gid::current())?.expect("current group does not exist"))
- } else {
- Group::from_name(BACKUP_GROUP_NAME)?
- .ok_or_else(|| format_err!("Unable to lookup '{}' group.", BACKUP_GROUP_NAME))
- }
-}
-
/// Return User info for root
pub fn priv_user() -> Result<nix::unistd::User, Error> {
if cfg!(test) {
diff --git a/pbs-datastore/Cargo.toml b/pbs-datastore/Cargo.toml
index 09991e530..b51438dc6 100644
--- a/pbs-datastore/Cargo.toml
+++ b/pbs-datastore/Cargo.toml
@@ -38,6 +38,7 @@ proxmox-http.workspace = true
proxmox-human-byte.workspace = true
proxmox-io.workspace = true
proxmox-lang.workspace=true
+proxmox-product-config.workspace = true
proxmox-s3-client = { workspace = true, features = [ "impl" ] }
proxmox-schema = { workspace = true, features = [ "api-macro" ] }
proxmox-section-config.workspace = true
diff --git a/pbs-datastore/src/chunk_store.rs b/pbs-datastore/src/chunk_store.rs
index a936f5034..09a0242fc 100644
--- a/pbs-datastore/src/chunk_store.rs
+++ b/pbs-datastore/src/chunk_store.rs
@@ -756,12 +756,11 @@ impl ChunkStore {
.parent()
.ok_or_else(|| format_err!("unable to get chunk dir"))?;
- let mut create_options = CreateOptions::new();
- if nix::unistd::Uid::effective().is_root() {
- let uid = pbs_config::backup_user()?.uid;
- let gid = pbs_config::backup_group()?.gid;
- create_options = create_options.owner(uid).group(gid);
- }
+ let create_options = if nix::unistd::Uid::effective().is_root() {
+ proxmox_product_config::default_create_options()
+ } else {
+ CreateOptions::new()
+ };
proxmox_sys::fs::replace_file(
&chunk_path,
raw_data,
@@ -813,12 +812,11 @@ impl ChunkStore {
/// Helper to generate new empty marker file
fn create_marker_file(path: &Path) -> Result<(), Error> {
- let mut create_options = CreateOptions::new();
- if nix::unistd::Uid::effective().is_root() {
- let uid = pbs_config::backup_user()?.uid;
- let gid = pbs_config::backup_group()?.gid;
- create_options = create_options.owner(uid).group(gid);
- }
+ let create_options = if nix::unistd::Uid::effective().is_root() {
+ proxmox_product_config::default_create_options()
+ } else {
+ CreateOptions::new()
+ };
proxmox_sys::fs::replace_file(path, &[], create_options, false)
}
@@ -904,8 +902,9 @@ impl ChunkStore {
fn check_permissions<T: AsRef<Path>>(path: T, file_mode: u32) -> Result<(), Error> {
match nix::sys::stat::stat(path.as_ref()) {
Ok(stat) => {
- if stat.st_uid != u32::from(pbs_config::backup_user()?.uid)
- || stat.st_gid != u32::from(pbs_config::backup_group()?.gid)
+ let backup_user = proxmox_product_config::get_api_user();
+ if stat.st_uid != u32::from(backup_user.uid)
+ || stat.st_gid != u32::from(backup_user.gid)
|| stat.st_mode & 0o777 != file_mode
{
bail!(
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index b372f779e..37af76ade 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -60,8 +60,9 @@ fn main() -> Result<(), Error> {
proxmox_backup::tools::setup_safe_path_env();
- let backup_uid = pbs_config::backup_user()?.uid;
- let backup_gid = pbs_config::backup_group()?.gid;
+ let backup_user = pbs_config::backup_user()?;
+ let backup_uid = backup_user.uid;
+ let backup_gid = backup_user.gid;
let running_uid = nix::unistd::Uid::effective();
let running_gid = nix::unistd::Gid::effective();
diff --git a/src/bin/sg-tape-cmd.rs b/src/bin/sg-tape-cmd.rs
index 9ff73a4a4..7a365160b 100644
--- a/src/bin/sg-tape-cmd.rs
+++ b/src/bin/sg-tape-cmd.rs
@@ -129,8 +129,9 @@ fn main() -> Result<(), Error> {
.init()?;
// check if we are user root or backup
- let backup_uid = pbs_config::backup_user()?.uid;
- let backup_gid = pbs_config::backup_group()?.gid;
+ let backup_user = pbs_config::backup_user()?;
+ let backup_uid = backup_user.uid;
+ let backup_gid = backup_user.gid;
let running_uid = nix::unistd::Uid::current();
let running_gid = nix::unistd::Gid::current();
--
2.47.3
next prev parent reply other threads:[~2026-07-01 14:04 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 14:03 [PATCH proxmox-backup v3 00/15] fix 7642: avoid expensive uid/gid lookups for lock- and config-files Christian Ebner
2026-07-01 14:03 ` [PATCH proxmox-backup v3 01/15] bin: api: early init proxmox-product-config Christian Ebner
2026-07-01 14:03 ` [PATCH proxmox-backup v3 02/15] bin: daily update: refactor to use proxmox-product-config Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 03/15] pbs-config: use proxmox-product-config::replace_secret_config() Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 04/15] pbs-config: use proxmox-product-config::replace_config() Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 05/15] fix #7642: avoid expensive user lookups on file locking Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 06/15] pbs-config: use proxmox-product-config helpers Christian Ebner
2026-07-01 14:04 ` Christian Ebner [this message]
2026-07-01 14:04 ` [PATCH proxmox-backup v3 08/15] pbs-datastore: use proxmox-product-config cached backup user Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 09/15] pbs-datastore: use general helpers for file lock create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 10/15] server: auth helpers: use proxmox-product-config create options helpers Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 11/15] api: subscription: use proxmox-product-config create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 12/15] tape: use proxmox-product-config helper for user lookup Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 13/15] tape: use proxmox-product-config lock file create options Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 14/15] tape: use proxmox-product-config to generate " Christian Ebner
2026-07-01 14:04 ` [PATCH proxmox-backup v3 15/15] tree-wide: use proxmox-product-config::get_api_user for user lookup Christian Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701140412.200920-8-c.ebner@proxmox.com \
--to=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.