konevsa/proxmox
1
0
Fork 0
forked from Proxmox/proxmox
Code Pull Requests Activity

product-config: new create_secret_dir function

Browse Source 
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
This commit is contained in:
Dietmar Maurer 2024-06-04 12:53:41 +02:00
parent 6c30be2280
commit cb971b402f
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
proxmox-product-config/src/filesystem_helpers.rs
View File

@ -3,6 +3,7 @@ use std::path::Path;
use anyhow::Error; use anyhow::Error;
use nix::sys::stat::Mode; use nix::sys::stat::Mode;
use proxmox_sys::error::SysError;
use proxmox_sys::fs::CreateOptions; use proxmox_sys::fs::CreateOptions;
use super::{get_api_user, get_priv_user}; use super::{get_api_user, get_priv_user};
@ -88,6 +89,18 @@ pub fn replace_secret_config<P: AsRef<Path>>(path: P, data: &[u8]) -> Result<(),
Ok(()) Ok(())
} }
/// Creates a directory owned by `priv_user.uid:priv_user.gid` with permission `0700`.
///
/// Simply returns Ok if the directory already exists.
pub fn create_secret_dir<P: AsRef<Path>>(dir: P) -> Result<(), Error> {
let options = secret_create_options().perm(Mode::from_bits_truncate(0o700));
match proxmox_sys::fs::create_dir(dir, options) {
Ok(()) => Ok(()),
Err(err) if err.already_exists() => Ok(()),
Err(err) => Err(err.into()),
}
}
/// Atomically write data to file owned by `root:root` with permission `0644`. /// Atomically write data to file owned by `root:root` with permission `0644`.
/// ///
/// Everyone can read, but only the superuser can write those files. This is usually used /// Everyone can read, but only the superuser can write those files. This is usually used