Re: PATCH: Configurable file mode mask

On Fri, Mar 09, 2018 at 01:51:14PM -0500, David Steele wrote:
> How about a GUC that enforces one mode or the other on startup? Default
> would be 700. The GUC can be set automatically by initdb based on the
> -g option. We had this GUC originally, but since the front-end tools
> can't read it we abandoned it. Seems like it would be good as an
> enforcing mechanism, though.

Hm. OK. I can see the whole set of points about that. Please let me
think a bit more about that bit. Do you think that there could be a
pool of users willing to switch from one mode to another? Compared to
your v1, we could indeed have a GUC which enforces a restriction to not
allow group access, and enabled by default. As the commit fest is
running and we don't have a clear picture yet, I am afraid that it may
be better to move that to v12, and focus on getting patches 1 and 2
committed. This will provide a good base for the next move.

There are three places where things are still not correct:

- if (chmod(location, S_IRWXU) != 0)
+ current_umask = umask(0);
+ umask(current_umask);
+
+ if (chmod(location, PG_DIR_MODE_DEFAULT & ~current_umask) != 0)
This is in tablespace.c.

@@ -185,6 +186,9 @@ main(int argc, char **argv)
exit(1);
}

+ /* Set dir/file mode mask */
+ umask(PG_MODE_MASK_DEFAULT);
+
In pg_rewind and pg_resetwal, isn't that also a portion which is not
necessary without the group access feature?

This is all I have basically for patch 2, which would be good for
shipping.
--
Michael