[pbs-devel] applied: [PATCH backup 2/2] bin/backup-proxy: assert that daemon runs as backup user/group
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Aug 26 10:31:13 CEST 2020
Because if not, the backups it creates have bogus permissions and may
seem like they got broken once the daemon is started again with the
correct user/group.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
src/bin/proxmox-backup-proxy.rs | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index dd7904c3..dd081dfe 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -23,6 +23,15 @@ use proxmox_backup::api2::pull::do_sync_job;
fn main() -> Result<(), Error> {
proxmox_backup::tools::setup_safe_path_env();
+ let backup_uid = proxmox_backup::backup::backup_user()?.uid;
+ let backup_gid = proxmox_backup::backup::backup_group()?.gid;
+ let running_uid = nix::unistd::Uid::effective();
+ let running_gid = nix::unistd::Gid::effective();
+
+ if running_uid != backup_uid || running_gid != backup_gid {
+ bail!("proxy not running as backup user or group (got uid {} gid {})", running_uid, running_gid);
+ }
+
proxmox_backup::tools::runtime::main(run())
}
--
2.27.0
More information about the pbs-devel
mailing list