public inbox for pve-devel@lists.proxmox.com
From: Max Carrara <m.carrara@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v1 pve-common 09/18] pbsclient: create secret dir with `mkdir -p` and mode `700`
Date: Fri,  2 Aug 2024 15:26:47 +0200
Message-ID: <20240802132656.270077-10-m.carrara@proxmox.com>
In-Reply-To: <20240802132656.270077-1-m.carrara@proxmox.com>

.. instead of using a regular `mkdir` call.

The `File::Path::make_path` subroutine is used for this purpose, which
recursively creates all directories if they didn't exist before. Upon
creation of those directories, the mode is also set to `700`.

This means that (like before), directory permissions are left
untouched if the directory existed already.

Signed-off-by: Max Carrara <m.carrara@proxmox.com>
---
 src/PVE/PBSClient.pm | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/PVE/PBSClient.pm b/src/PVE/PBSClient.pm
index e0468d3..2084bb5 100644
--- a/src/PVE/PBSClient.pm
+++ b/src/PVE/PBSClient.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 
 use Fcntl qw(F_GETFD F_SETFD FD_CLOEXEC);
+use File::Path;
 use File::Temp qw(tempdir);
 use IO::File;
 use JSON;
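Review bot: the added `use File::Path;` pulls the module's default exports (`mkpath` and `rmtree`) into the package, while the rest of the patch only calls `File::Path::make_path` fully qualified. Consider `use File::Path qw(make_path);`, matching the explicit import list on the neighbouring `use File::Temp qw(tempdir);`, or `use File::Path ();` if the qualified calls are meant to stay.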
@@ -191,7 +192,8 @@ my sub password_file_name {
 
 Updates or creates the I<password> file, storing the given C<$password>.
 
-If the I<secret directory> does not exist, it is created beforehand.
+If the I<secret directory> does not exist, it is recursively created with the
+permissions C<700> beforehand.
 
 If the I<password> file does not exist, a new one with the permissions C<600>
 is created.
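Review bot: the reworded POD paragraph for `set_password` gives the mode for a newly created directory but omits what the commit message spells out, namely that an existing secret directory keeps whatever permissions it already has. Since this directory holds the password file, that caveat belongs in the documentation too, along with a note that "recursively created" means any missing parent directories are also created with mode 700.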
@@ -202,7 +204,9 @@ sub set_password {
     my ($self, $password) = @_;
 
     my $pwfile = password_file_name($self);
-    mkdir($self->{secret_dir});
+    File::Path::make_path($self->{secret_dir}, {
+	mode => 0700,
+    });
 
     PVE::Tools::file_set_contents($pwfile, "$password\n", 0600);
 };
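Review bot: in `set_password`, `make_path` with `mode => 0700` only applies to directories it creates, so a secret directory that already exists with group or world access is left as it is and the 0600 password file is then written into it. Consider checking the directory's mode and owner after the call and either tightening it with `chmod` or refusing to write. The failure behaviour also changes: the return value of the old `mkdir` was ignored, whereas `make_path` called without an `error` option croaks when a directory cannot be created, so callers now get an exception before `file_set_contents` runs. That is worth a line in the commit message.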
@@ -274,7 +278,8 @@ sub encryption_key_file_name {
 
 Updates or creates the I<encryption key> file, storing the given C<$key>.
 
-If the I<secret directory> does not exist, it is created beforehand.
+If the I<secret directory> does not exist, it is recursively created with the
+permissions C<700> beforehand.
 
 If the I<encryption key> file does not exist, a new one with the permissions C<600>
 is created.
@@ -285,7 +290,9 @@ sub set_encryption_key {
     my ($self, $key) = @_;
 
     my $encfile = $self->encryption_key_file_name();
-    mkdir($self->{secret_dir});
+    File::Path::make_path($self->{secret_dir}, {
+	mode => 0700,
+    });
 
     PVE::Tools::file_set_contents($encfile, "$key\n", 0600);
 };
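Review bot: `set_encryption_key` repeats the same `File::Path::make_path($self->{secret_dir}, { mode => 0700 })` call that was added to `set_password`. A small private helper in the style of the existing `my sub password_file_name` (for example `my sub ensure_secret_dir`, a name suggested here) would keep the mode and any later permission check in one place, so the two secret-writing paths cannot drift apart.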
-- 
2.39.2


