| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pg_basebackup ignores the existing data directory permissions |
| Date: | 2019-02-14 08:10:27 |
| Message-ID: | 20190214081027.GH2366@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 14, 2019 at 06:34:07PM +1100, Haribabu Kommi wrote:
> we have an application that is used to create the data directory with
Well, initdb would do that happily, so there is no actual any need to
do that to begin with. Anyway..
> owner access (0700), but with initdb group permissions option, it
> automatically
> converts to (0750) by the initdb. But pg_basebackup doesn't change it when
> it tries to do a backup from a group access server.
So that's basically the opposite of the case I was thinking about,
where you create a path for a base backup with permissions strictly
higher than 700, say 755, and the base backup path does not have
enough restrictions. And in your case the permissions are too
restrictive because of the application creating the folder itself but
they should be relaxed if group access is enabled. Actually, that's
something that we may want to do consistently across all branches. If
an application calls pg_basebackup after creating a path, they most
likely change the permissions anyway to allow the postmaster to
start.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Arthur Zakirov | 2019-02-14 08:20:56 | Re: [PATCH] xlogreader: do not read a file block twice |
| Previous Message | Michael Paquier | 2019-02-14 07:56:48 | Re: Prevent extension creation in temporary schemas |