From ba3eb88d95114e237027f84db301d2605aadec93 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Tue, 17 Dec 2019 09:53:21 +0100
Subject: [PATCH] generate authkey: public part needs to be readable by backup
 group

else the API proxy cannot use it and fails to run..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/auth_helpers.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs
index 3db79d28..fe981fd9 100644
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -128,7 +128,12 @@ pub fn generate_auth_key() -> Result<(), Error> {
 
     let public_pem = rsa.public_key_to_pem()?;
 
-    file_set_contents(&public_path, &public_pem, None)?;
+    let (_, backup_gid) = crate::tools::getpwnam_ugid("backup")?;
+    let uid = Some(nix::unistd::ROOT);
+    let gid = Some(nix::unistd::Gid::from_raw(backup_gid));
+
+    file_set_contents_full(
+        &public_path, &public_pem, Some(Mode::from_bits_truncate(0o0640)), uid, gid)?;
 
     Ok(())
 }