Set schedule permissions (#476)

* create user owned service and timer when scheduled using sudo

* fix HOME on user permission

* change owner of drop ins files when user scheduling with sudo

* remove schedule with different permission

* don't need to check for error at this stage

Author: creativeprojects

.github/workflows/doc.yml

@@ -55,7 +55,7 @@ jobs:
         with:
           url: "https://${{ env.BRANCH_NAME }}.resticprofile.pages.dev/"
           pages_path: ./public/
-          cmd_params: '--exclude="(linux\.die\.net|stackoverflow\.com|scoop\.sh|0-18)" --buffer-size=8192 --max-connections=10 --color=always --skip-tls-verification --header="User-Agent:curl/7.54.0" --timeout=20'
+          cmd_params: '--exclude="(linux\.die\.net|scoop\.sh|0-18)" --buffer-size=8192 --max-connections-per-host=8 --color=always --skip-tls-verification --header="User-Agent: Muffet/2.10.8" --timeout=20'
 
       - name: Publish to pages.dev
         continue-on-error: true # secrets are not set for PRs from forks

.github/workflows/release-doc.yml

@@ -49,7 +49,7 @@ jobs:
         with:
           url: https://creativeprojects.github.io/resticprofile/
           pages_path: ./www/
-          cmd_params: '--exclude="(linux\.die\.net|stackoverflow\.com|scoop\.sh|0-18)" --buffer-size=8192 --max-connections-per-host=5 --rate-limit=5 --timeout=20 --header="User-Agent:curl/7.54.0" --skip-tls-verification'
+          cmd_params: '--exclude="(linux\.die\.net|scoop\.sh|0-18)" --buffer-size=8192 --max-connections-per-host=8 --timeout=20 --header="User-Agent: Muffet/2.10.8" --skip-tls-verification'
 
       - name: Deploy to GitHub Pages
         uses: peaceiris/actions-gh-pages@v4

Makefile

@@ -298,7 +298,10 @@ checkdoc:
 .PHONY: checklinks
 checklinks:
 	@echo "[*] $@"
-	muffet -b 8192 --max-connections=10 --exclude="(linux\.die\.net|stackoverflow\.com|scoop\.sh|0-18)" http://localhost:1313/resticprofile/
+	muffet -b 8192 --max-connections-per-host=8 \
+	  --exclude="(linux\.die\.net|scoop\.sh|0-18)" \
+	  --header="User-Agent: Muffet/$$(muffet --version)" \
+	  http://localhost:1313/resticprofile/
 
 .PHONY: lint
 lint: $(GOBIN)/golangci-lint

examples/linux.yaml

@@ -98,12 +98,14 @@ longrun:
 self:
     inherit: default
     status-file: /tmp/status.json
+    # systemd-drop-in-files: [ drop-in-example.conf ]
     backup:
         extended-status: true
         source: ./
         schedule:
             at: "*:15,20,25"
             permission: system
+            after-network-online: true
     check:
         schedule-permission: user
         schedule:

schedule/handler_crond.go

@@ -202,7 +202,7 @@ func (h *HandlerCrond) CheckPermission(user user.User, p Permission) bool {
 		return true
 
 	default:
-		if user.SudoRoot || user.Uid == 0 {
+		if user.IsRoot() {
 			return true
 		}
 		// last case is system (or undefined) + no sudo

schedule/handler_darwin.go

@@ -268,8 +268,7 @@ func (h *HandlerLaunchd) CheckPermission(user user.User, p Permission) bool {
 		return true
 
 	default:
-		if user.SudoRoot || user.Uid == 0 {
-			// user has sudoed
+		if user.IsRoot() {
 			return true
 		}
 		// last case is system (or undefined) + no sudo

schedule/handler_systemd.go

@@ -108,13 +108,33 @@ func (h *HandlerSystemd) DisplayStatus(profileName string) error {
 
 // CreateJob is creating the systemd unit and activating it
 func (h *HandlerSystemd) CreateJob(job *Config, schedules []*calendar.Event, permission Permission) error {
-	unitType, user := permissionToSystemd(user.Current(), permission)
+	u := user.Current()
+	unitType, user := permissionToSystemd(u, permission)
 
 	if unitType == systemd.UserUnit && job.AfterNetworkOnline {
 		return fmt.Errorf("after-network-online is not available for \"user_logged_on\" permission schedules")
 	}
 
-	err := systemd.Generate(systemd.Config{
+	// check the user hasn't changed the permission, which could duplicate the unit (system & user)
+	otherUnitType := systemd.SystemUnit
+	if unitType == systemd.SystemUnit {
+		otherUnitType = systemd.UserUnit
+	}
+	if cfgs, _ := getConfigs(job.ProfileName, otherUnitType); len(cfgs) > 0 { // ignore errors here
+		for _, cfg := range cfgs {
+			if cfg.CommandName == job.CommandName && cfg.ProfileName == job.ProfileName {
+				// we'd better remove this schedule first
+				clog.Infof("removing existing unit with different permission")
+				err := h.RemoveJob(&cfg, PermissionFromConfig(cfg.Permission))
+				if err != nil {
+					return fmt.Errorf("cannot remove existing unit before scheduling with different permission. You might want to retry using sudo.")
+				}
+			}
+		}
+	}
+
+	unit := systemd.NewUnit(u)
+	err := unit.Generate(systemd.Config{
 		CommandLine:          job.Command + " --no-prio " + job.Arguments.String(),
 		Environment:          job.Environment,
 		WorkingDirectory:     job.WorkingDirectory,
@@ -169,7 +189,9 @@ func (h *HandlerSystemd) CreateJob(job *Config, schedules []*calendar.Event, per
 // RemoveJob is disabling the systemd unit and deleting the timer and service files
 func (h *HandlerSystemd) RemoveJob(job *Config, permission Permission) error {
 	var err error
-	unitType, _ := permissionToSystemd(user.Current(), permission)
+	unit := systemd.NewUnit(user.Current())
+	u := user.Current()
+	unitType, _ := permissionToSystemd(u, permission)
 	serviceFile := systemd.GetServiceFile(job.ProfileName, job.CommandName)
 	unitLoaded, err := unitLoaded(serviceFile, unitType)
 	if err != nil {
@@ -195,7 +217,7 @@ func (h *HandlerSystemd) RemoveJob(job *Config, permission Permission) error {
 
 	systemdPath := systemd.GetSystemDir()
 	if unitType == systemd.UserUnit {
-		systemdPath, err = systemd.GetUserDir()
+		systemdPath, err = unit.GetUserDir()
 		if err != nil {
 			return nil
 		}
@@ -241,7 +263,12 @@ func (h *HandlerSystemd) DisplayJobStatus(job *Config) error {
 	if !unitLoaded {
 		return ErrScheduledJobNotFound
 	}
-	_ = runJournalCtlCommand(timerName, systemdType) // ignore errors on journalctl
+	if systemdType == systemd.UserUnit && user.Current().IsRoot() {
+		// journalctl doesn't accept the parameter "-M user@" (yet?)
+		clog.Warning("cannot load the journal from a user service as root")
+	} else {
+		_ = runJournalCtlCommand(timerName, systemdType) // ignore errors on journalctl
+	}
 	return runSystemctlCommand(timerName, systemctlStatus, systemdType, false)
 }
 
@@ -294,7 +321,7 @@ func (h *HandlerSystemd) CheckPermission(user user.User, p Permission) bool {
 		return true
 
 	default:
-		if user.SudoRoot || user.Uid == 0 {
+		if user.IsRoot() {
 			return true
 		}
 		// last case is system (or undefined) + no sudo
@@ -476,7 +503,7 @@ func getConfigs(profileName string, unitType systemd.UnitType) ([]Config, error)
 		if unit.Load == unitNotFound {
 			continue
 		}
-		cfg, err := systemd.Read(unit.Unit, unitType)
+		cfg, err := systemd.NewUnit(user.Current()).Read(unit.Unit, unitType)
 		if err != nil {
 			clog.Errorf("cannot read information from unit %q: %s", unit.Unit, err)
 			continue

systemd/drop_ins.go

@@ -23,8 +23,8 @@ func getOwnedName(basename string) string {
 	return fmt.Sprintf("%s.resticprofile.conf", strings.TrimSuffix(basename, ext))
 }
 
-func IsTimerDropIn(file string) bool {
-	if f, err := fs.Open(file); err == nil {
+func (u Unit) IsTimerDropIn(file string) bool {
+	if f, err := u.fs.Open(file); err == nil {
 		defer func() { _ = f.Close() }()
 		for reader := bufio.NewScanner(f); reader.Scan(); {
 			if timerDropInRegex.Match(reader.Bytes()) {
@@ -37,8 +37,8 @@ func IsTimerDropIn(file string) bool {
 	return false
 }
 
-func CreateDropIns(dir string, files []string) error {
-	if err := fs.MkdirAll(dir, 0o755); err != nil {
+func (u Unit) createDropIns(dir string, files []string) error {
+	if err := u.fs.MkdirAll(dir, 0o755); err != nil {
 		return err
 	}
 
@@ -47,7 +47,7 @@ func CreateDropIns(dir string, files []string) error {
 		fileBasenamesOwned[getOwnedName(filepath.Base(file))] = struct{}{}
 	}
 
-	d, err := fs.Open(dir)
+	d, err := u.fs.Open(dir)
 	if err != nil {
 		return err
 	}
@@ -66,7 +66,7 @@ func CreateDropIns(dir string, files []string) error {
 		if createdByUs && !notOrphaned {
 			orphanPath := filepath.Join(dir, f.Name())
 			clog.Debugf("deleting orphaned drop-in file %v", orphanPath)
-			if err := fs.Remove(orphanPath); err != nil {
+			if err := u.fs.Remove(orphanPath); err != nil {
 				return err
 			}
 		}
@@ -79,13 +79,13 @@ func CreateDropIns(dir string, files []string) error {
 		dropInFileOwned := getOwnedName(dropInFileBase)
 		dstPath := filepath.Join(dir, dropInFileOwned)
 		clog.Debugf("writing %v", dstPath)
-		dst, err := fs.Create(dstPath)
+		dst, err := u.fs.Create(dstPath)
 		if err != nil {
 			return err
 		}
 		defer dst.Close()
 
-		src, err := fs.Open(dropInFilePath)
+		src, err := u.fs.Open(dropInFilePath)
 		if err != nil {
 			return err
 		}