public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Dietmar Maurer <dietmar@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] fix directory permission problems
Date: Fri, 12 Nov 2021 07:54:52 +0100	[thread overview]
Message-ID: <20211112065452.2839213-1-dietmar@proxmox.com> (raw)

By carefully setting options on all create_path() calls,
and by creating "/var/lib/proxmox-backup" at api server startup.
---
 pbs-buildcfg/src/lib.rs |  6 ++++++
 src/rrd_cache.rs        |  5 ++++-
 src/server/jobstate.rs  |  7 +++++--
 src/server/mod.rs       |  9 +++++++++
 src/tape/mod.rs         | 28 ++++++++++++++++++++++------
 src/tools/apt.rs        |  3 ++-
 6 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/pbs-buildcfg/src/lib.rs b/pbs-buildcfg/src/lib.rs
index d89a508b..d6f79de9 100644
--- a/pbs-buildcfg/src/lib.rs
+++ b/pbs-buildcfg/src/lib.rs
@@ -22,6 +22,9 @@ pub const BACKUP_GROUP_NAME: &str = "backup";
 #[macro_export]
 macro_rules! PROXMOX_BACKUP_RUN_DIR_M { () => ("/run/proxmox-backup") }
 
+#[macro_export]
+macro_rules! PROXMOX_BACKUP_STATE_DIR_M { () => ("/var/lib/proxmox-backup") }
+
 #[macro_export]
 macro_rules! PROXMOX_BACKUP_LOG_DIR_M { () => ("/var/log/proxmox-backup") }
 
@@ -36,6 +39,9 @@ macro_rules! PROXMOX_BACKUP_FILE_RESTORE_BIN_DIR_M {
 /// namespaced directory for in-memory (tmpfs) run state
 pub const PROXMOX_BACKUP_RUN_DIR: &str = PROXMOX_BACKUP_RUN_DIR_M!();
 
+/// namespaced directory for persistent state
+pub const PROXMOX_BACKUP_STATE_DIR: &str = PROXMOX_BACKUP_STATE_DIR_M!();
+
 /// namespaced directory for persistent logging
 pub const PROXMOX_BACKUP_LOG_DIR: &str = PROXMOX_BACKUP_LOG_DIR_M!();
 
diff --git a/src/rrd_cache.rs b/src/rrd_cache.rs
index d1b8f9a9..45508107 100644
--- a/src/rrd_cache.rs
+++ b/src/rrd_cache.rs
@@ -7,8 +7,11 @@ use proxmox::tools::fs::CreateOptions;
 use proxmox_rrd::RRDCache;
 use proxmox_rrd::rrd::{RRD, DST, CF};
 
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
 use pbs_api_types::{RRDMode, RRDTimeFrame};
 
+const RRD_CACHE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/rrdb");
+
 pub static RRD_CACHE: OnceCell<RRDCache> = OnceCell::new();
 
 /// Get the RRD cache instance
@@ -34,7 +37,7 @@ pub fn initialize_rrd_cache() -> Result<&'static RRDCache, Error> {
     let apply_interval = 30.0*60.0; // 30 minutes
 
     let cache = RRDCache::new(
-        "/var/lib/proxmox-backup/rrdb",
+        RRD_CACHE_BASEDIR,
         Some(file_options),
         Some(dir_options),
         apply_interval,
diff --git a/src/server/jobstate.rs b/src/server/jobstate.rs
index 8df245d6..23e3c2bd 100644
--- a/src/server/jobstate.rs
+++ b/src/server/jobstate.rs
@@ -47,6 +47,8 @@ use proxmox::tools::fs::{
 };
 
 use proxmox_systemd::time::{compute_next_event, parse_calendar_event};
+
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
 use pbs_config::{open_backup_lockfile, BackupLockGuard};
 use pbs_api_types::{UPID, JobScheduleStatus};
 
@@ -77,16 +79,17 @@ pub struct Job {
     _lock: BackupLockGuard,
 }
 
-const JOB_STATE_BASEDIR: &str = "/var/lib/proxmox-backup/jobstates";
+const JOB_STATE_BASEDIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/jobstates");
 
 /// Create jobstate stat dir with correct permission
 pub fn create_jobstate_dir() -> Result<(), Error> {
     let backup_user = pbs_config::backup_user()?;
+
     let opts = CreateOptions::new()
         .owner(backup_user.uid)
         .group(backup_user.gid);
 
-    create_path(JOB_STATE_BASEDIR, None, Some(opts))
+    create_path(JOB_STATE_BASEDIR, Some(opts.clone()), Some(opts))
         .map_err(|err: Error| format_err!("unable to create rrdb stat dir - {}", err))?;
 
     Ok(())
diff --git a/src/server/mod.rs b/src/server/mod.rs
index a6574631..deeb3398 100644
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@@ -62,3 +62,12 @@ pub fn create_run_dir() -> Result<(), Error> {
     let _: bool = create_path(pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M!(), None, Some(opts))?;
     Ok(())
 }
+
+pub fn create_state_dir() -> Result<(), Error> {
+    let backup_user = pbs_config::backup_user()?;
+    let opts = CreateOptions::new()
+        .owner(backup_user.uid)
+        .group(backup_user.gid);
+    create_path(pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M!(), None, Some(opts))?;
+    Ok(())
+}
diff --git a/src/tape/mod.rs b/src/tape/mod.rs
index 5d4d46f1..897d1525 100644
--- a/src/tape/mod.rs
+++ b/src/tape/mod.rs
@@ -7,7 +7,7 @@ use proxmox::tools::fs::{
     CreateOptions,
 };
 
-use pbs_buildcfg::PROXMOX_BACKUP_RUN_DIR_M;
+use pbs_buildcfg::{PROXMOX_BACKUP_RUN_DIR_M, PROXMOX_BACKUP_STATE_DIR_M};
 
 #[cfg(test)]
 mod test;
@@ -37,7 +37,7 @@ mod pool_writer;
 pub use pool_writer::*;
 
 /// Directory path where we store all tape status information
-pub const TAPE_STATUS_DIR: &str = "/var/lib/proxmox-backup/tape";
+pub const TAPE_STATUS_DIR: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/tape");
 
 /// Directory path where we store drive lock file
 pub const DRIVE_LOCK_DIR: &str = concat!(PROXMOX_BACKUP_RUN_DIR_M!(), "/drive-lock");
@@ -66,7 +66,11 @@ pub fn create_tape_status_dir() -> Result<(), Error> {
         .owner(backup_user.uid)
         .group(backup_user.gid);
 
-    create_path(TAPE_STATUS_DIR, None, Some(options))
+    let parent_opts = CreateOptions::new()
+        .owner(backup_user.uid)
+        .group(backup_user.gid);
+
+    create_path(TAPE_STATUS_DIR, Some(parent_opts), Some(options))
         .map_err(|err: Error| format_err!("unable to create tape status dir - {}", err))?;
 
     Ok(())
@@ -81,7 +85,11 @@ pub fn create_drive_lock_dir() -> Result<(), Error> {
         .owner(backup_user.uid)
         .group(backup_user.gid);
 
-    create_path(DRIVE_LOCK_DIR, None, Some(options))
+    let parent_opts = CreateOptions::new()
+        .owner(backup_user.uid)
+        .group(backup_user.gid);
+
+    create_path(DRIVE_LOCK_DIR, Some(parent_opts), Some(options))
         .map_err(|err: Error| format_err!("unable to create drive state dir - {}", err))?;
 
     Ok(())
@@ -96,7 +104,11 @@ pub fn create_drive_state_dir() -> Result<(), Error> {
         .owner(backup_user.uid)
         .group(backup_user.gid);
 
-    create_path(DRIVE_STATE_DIR, None, Some(options))
+    let parent_opts = CreateOptions::new()
+        .owner(backup_user.uid)
+        .group(backup_user.gid);
+
+    create_path(DRIVE_STATE_DIR, Some(parent_opts), Some(options))
         .map_err(|err: Error| format_err!("unable to create drive state dir - {}", err))?;
 
     Ok(())
@@ -111,7 +123,11 @@ pub fn create_changer_state_dir() -> Result<(), Error> {
         .owner(backup_user.uid)
         .group(backup_user.gid);
 
-    create_path(CHANGER_STATE_DIR, None, Some(options))
+    let parent_opts = CreateOptions::new()
+        .owner(backup_user.uid)
+        .group(backup_user.gid);
+
+    create_path(CHANGER_STATE_DIR, Some(parent_opts), Some(options))
         .map_err(|err: Error| format_err!("unable to create changer state dir - {}", err))?;
 
     Ok(())
diff --git a/src/tools/apt.rs b/src/tools/apt.rs
index 1ffaaa6a..e1e8add8 100644
--- a/src/tools/apt.rs
+++ b/src/tools/apt.rs
@@ -7,9 +7,10 @@ use apt_pkg_native::Cache;
 use proxmox::tools::fs::{file_read_optional_string, replace_file, CreateOptions};
 use proxmox_schema::const_regex;
 
+use pbs_buildcfg::PROXMOX_BACKUP_STATE_DIR_M;
 use pbs_api_types::APTUpdateInfo;
 
-const APT_PKG_STATE_FN: &str = "/var/lib/proxmox-backup/pkg-state.json";
+const APT_PKG_STATE_FN: &str = concat!(PROXMOX_BACKUP_STATE_DIR_M!(), "/pkg-state.json");
 
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 /// Some information we cache about the package (update) state, like what pending update version
-- 
2.30.2





                 reply	other threads:[~2021-11-12  6:54 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211112065452.2839213-1-dietmar@proxmox.com \
    --to=dietmar@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal