From: Dietmar Maurer <dietmar@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] fix directory permission problems
Date: Fri, 12 Nov 2021 07:54:52 +0100 [thread overview]
Message-ID: <20211112065452.2839213-1-dietmar@proxmox.com> (raw)
By carefully setting options on all create_path() calls,
and by creating "/var/lib/proxmox-backup" at api server startup.
---
pbs-buildcfg/src/lib.rs | 6 ++++++
src/rrd_cache.rs | 5 ++++-
src/server/jobstate.rs | 7 +++++--
src/server/mod.rs | 9 +++++++++
src/tape/mod.rs | 28 ++++++++++++++++++++++------
src/tools/apt.rs | 3 ++-
6 files changed, 48 insertions(+), 10 deletions(-)
diff --git a/pbs-buildcfg/src/lib.rs b/pbs-buildcfg/src/lib.rs
index d89a508b..d6f79de9 100644
--- a/pbs-buildcfg/src/lib.rs
+++ b/pbs-buildcfg/src/lib.rs
@@ -22,6 +22,9 @@ pub const BACKUP_GROUP_NAME: &str = "backup";
#[macro_export]
macro_rules! PROXMOX_BACKUP_RUN_DIR_M { () => ("/run/proxmox-backup") }
+#[macro_export]
+macro_rules! PROXMOX_BACKUP_STATE_DIR_M { () => ("/var/lib/proxmox-backup") }
+
#[macro_export]
macro_rules! PROXMOX_BACKUP_LOG_DIR_M { () => ("/var/log/proxmox-backup") }
@@ -36,6 +39,9 @@ macro_rules! PROXMOX_BACKUP_FILE_RESTORE_BIN_DIR_M {
/// namespaced directory for in-memory (tmpfs) run state
pub const PROXMOX_BACKUP_RUN_DIR: &str = PROXMOX_BACKUP_RUN_DIR_M!();
+/// namespaced directory for persistent state
+pub const PROXMOX_BACKUP_STATE_DIR: &str = PROXMOX_BACKUP_STATE_DIR_M!();
+
/// namespaced directory for persistent logging
pub const PROXMOX_BACKUP_LOG_DIR: &str = PROXMOX_BACKUP_LOG_DIR_M!();
diff --git a/src/rrd_cache.rs b/src/rrd_cache.rs
index d1b8f9a9..45508107 100644
--- a/src/rrd_cache.rs
+++ b/src/rrd_cache.rs
@@ -7,8 +7,11 @@ use proxmox::tools::fs::CreateOptions;
use proxmox_rrd::RRDCache;
use proxmox_rrd::rrd::{RRD, DST, CF};
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
use pbs_api_types::{RRDMode, RRDTimeFrame};
+const RRD_CACHE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/rrdb");
+
pub static RRD_CACHE: OnceCell<RRDCache> = OnceCell::new();
/// Get the RRD cache instance
@@ -34,7 +37,7 @@ pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> {
let apply_interval = 30.0*60.0; // 30 minutes
let cache = RRDCache::new(
- "/var/lib/proxmox-backup/rrdb",
+ RRD_CACHE_BASEDIR,
Some(file_options),
Some(dir_options),
apply_interval,
diff --git a/src/server/jobstate.rs b/src/server/jobstate.rs
index 8df245d6..23e3c2bd 100644
--- a/src/server/jobstate.rs
+++ b/src/server/jobstate.rs
@@ -47,6 +47,8 @@ use proxmox::tools::fs::{
};
use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
+
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
use pbs_config::{open_backup_lockfile, BackupLockGuard};
use pbs_api_types::{UPID, JobScheduleStatus};
@@ -77,16 +79,17 @@ pub struct Job {
_lock: BackupLockGuard,
}
-const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
+const JOB_STATE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/jobstates");
/// Create jobstate stat dir with correct permission
pub fn create_jobstate_dir() -> Result<(), Error> {
let backup_user = pbs_config::backup_user()?;
+
let opts = CreateOptions::new()
.owner(backup_user.uid)
.group(backup_user.gid);
- create_path(JOB_STATE_BASEDIR, None, Some(opts))
+ create_path(JOB_STATE_BASEDIR, Some(opts.clone()), Some(opts))
.map_err(|err: Error| format_err!("unable to create rrdb stat dir - {}", err))?;
Ok(())
diff --git a/src/server/mod.rs b/src/server/mod.rs
index a6574631..deeb3398 100644
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@@ -62,3 +62,12 @@ pub fn create_run_dir() -> Result<(), Error> {
let _: bool = create_path(pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M!(), None, Some(opts))?;
Ok(())
}
+
+pub fn create_state_dir() -> Result<(), Error> {
+ let backup_user = pbs_config::backup_user()?;
+ let opts = CreateOptions::new()
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+ create_path(pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M!(), None, Some(opts))?;
+ Ok(())
+}
diff --git a/src/tape/mod.rs b/src/tape/mod.rs
index 5d4d46f1..897d1525 100644
--- a/src/tape/mod.rs
+++ b/src/tape/mod.rs
@@ -7,7 +7,7 @@ use proxmox::tools::fs::{
CreateOptions,
};
-use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
+use pbs_buildcfg::{PROXMOX_BACKUP_RUN_DIR_M, PROXMOX_BACKUP_STATE_DIR_M};
#[cfg(test)]
mod test;
@@ -37,7 +37,7 @@ mod pool_writer;
pub use pool_writer::*;
/// Directory path where we store all tape status information
-pub const TAPE_STATUS_DIR: &str = "/var/lib/proxmox-backup/tape";
+pub const TAPE_STATUS_DIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/tape");
/// Directory path where we store drive lock file
pub const DRIVE_LOCK_DIR: &str = concat!(PROXMOX_BACKUP_RUN_DIR_M!(), "/drive-lock");
@@ -66,7 +66,11 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
.owner(backup_user.uid)
.group(backup_user.gid);
- create_path(TAPE_STATUS_DIR, None, Some(options))
+ let parent_opts = CreateOptions::new()
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+
+ create_path(TAPE_STATUS_DIR, Some(parent_opts), Some(options))
.map_err(|err: Error| format_err!("unable to create tape status dir - {}", err))?;
Ok(())
@@ -81,7 +85,11 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
.owner(backup_user.uid)
.group(backup_user.gid);
- create_path(DRIVE_LOCK_DIR, None, Some(options))
+ let parent_opts = CreateOptions::new()
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+
+ create_path(DRIVE_LOCK_DIR, Some(parent_opts), Some(options))
.map_err(|err: Error| format_err!("unable to create drive state dir - {}", err))?;
Ok(())
@@ -96,7 +104,11 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
.owner(backup_user.uid)
.group(backup_user.gid);
- create_path(DRIVE_STATE_DIR, None, Some(options))
+ let parent_opts = CreateOptions::new()
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+
+ create_path(DRIVE_STATE_DIR, Some(parent_opts), Some(options))
.map_err(|err: Error| format_err!("unable to create drive state dir - {}", err))?;
Ok(())
@@ -111,7 +123,11 @@ pub fn create_changer_state_dir() -> Result<(), Error> {
.owner(backup_user.uid)
.group(backup_user.gid);
- create_path(CHANGER_STATE_DIR, None, Some(options))
+ let parent_opts = CreateOptions::new()
+ .owner(backup_user.uid)
+ .group(backup_user.gid);
+
+ create_path(CHANGER_STATE_DIR, Some(parent_opts), Some(options))
.map_err(|err: Error| format_err!("unable to create changer state dir - {}", err))?;
Ok(())
diff --git a/src/tools/apt.rs b/src/tools/apt.rs
index 1ffaaa6a..e1e8add8 100644
--- a/src/tools/apt.rs
+++ b/src/tools/apt.rs
@@ -7,9 +7,10 @@ use apt_pkg_native::Cache;
use proxmox::tools::fs::{file_read_optional_string, replace_file, CreateOptions};
use proxmox_schema::const_regex;
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
use pbs_api_types::APTUpdateInfo;
-const APT_PKG_STATE_FN: &str = "/var/lib/proxmox-backup/pkg-state.json";
+const APT_PKG_STATE_FN: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/pkg-state.json");
#[derive(Debug, serde::Serialize, serde::Deserialize)]
/// Some information we cache about the package (update) state, like what pending update version
--
2.30.2
reply other threads:[~2021-11-12 6:54 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211112065452.2839213-1-dietmar@proxmox.com \
--to=dietmar@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox