From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 5849F69CF1 for ; Mon, 14 Mar 2022 15:19:10 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 46A3750E3 for ; Mon, 14 Mar 2022 15:18:40 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 06A4A50D4 for ; Mon, 14 Mar 2022 15:18:38 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B8C754276D for ; Mon, 14 Mar 2022 15:18:38 +0100 (CET) Message-ID: Date: Mon, 14 Mar 2022 15:18:37 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.2 Content-Language: en-US To: Thomas Lamprecht , Wolfgang Bumiller Cc: Proxmox Backup Server development discussion References: <20220309135031.1995207-1-s.sterz@proxmox.com> <717c8999-d3f8-a01b-a8f5-da0f5960d23f@proxmox.com> <20220314093617.n2mc2jv4k6ntzroo@wobu-vie.proxmox.com> <738d037f-ed3c-db76-287f-5b6d37a3b7f3@proxmox.com> From: Stefan Sterz In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.000 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: Re: [pbs-devel] [PATCH proxmox-backup] fix #3336: api: remove backup group if the last snapshot is removed X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Mar 2022 14:19:10 -0000 On 14.03.22 12:36, Thomas Lamprecht wrote: > On 14.03.22 12:13, Stefan Sterz wrote: >> how do we move forward on this issue? the changes proposed above sound >> rather far reaching and not really connected to the bug that sparked >> the original patch. it might make sense to break them out into their >> own patch series and either fix the issue at hand (bug #3336) after it >> has been applied. alternatively we could just remove the "owner" file >> in a given group. this should fix the bug too and would not suffer >> from the locking problem (as we would lock its parent directory), but >> would leave empty directories behind. please advise 😄 >> > > I reread the actual bug and it seems that if we're Ok with just deleting > the owner with the rather implicit reason of the last snapshot being > deleted, allowing another authid to "snatch up" that backup group ownership, > then just deleting the owner file would be the simplest solution. > > I'm not against that, and I definitively agree with the bug report that > doing so is less work, but given how serious we honor the owner in general, > it feels a bit odd to just implicitly do so on a single snapshot deletion. > > On the other hand, we also handle creation in a similar implicit matter, > so maybe I'm overthinking it and just removing it would actually be more > consistent/expected for users. > > So, if you don't see a problem/issue with that approach and agree with > the last paragraph above feel free to go for deleting the owner file only. for the most part i agree with you. i would also like to point out that when a group is deleted (as in, not the last snapshot, but the entire group at once) the owner is also implicitly removed (because the entire group directory is removed). so in a way, we already delete ownership information implicitly and the proposed solution would just be consistent with that behavior. however, i did some more digging and testing and it turns out that we currently assume the owner file to be present when a group directory exists. this affects not only sync jobs, but also verification and more. thus, i would need to do quite a bit of refactoring to get this to work and even more testing. so while this issue seemed simple enough, as far as i can tell our current options are: 1. re-factor locking and remove the directory 2. re-factor how an empty group directory and the owner file is treated 3. add "empty" groups to the gui in light of this, taking the gui route is possibly the easiest option. sorry, for not being aware of this earlier.