Re: Lockfile restart failure is still there :-(

From: Greg Stark <gsstark(at)mit(dot)edu>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Lockfile restart failure is still there :-(
Date: 2005-03-17 22:45:54
Message-ID: 873butki1p.fsf@stark.xeocode.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:

> I am strongly tempted to add a direct check in checkDataDir() that the
> data directory actually does belong to our own uid, just for paranoia's
> sake. Someone might decide that they could relax the permission check
> ("hey, why not let the dbadmin group have write permission on $PGDATA")
> without realizing they'd be weakening the startup safety interlock.

Personally I often find I want to do exactly the kind of thing you're
describing. Why does the whole directory have to be so restrictive? Why not
just verify that the lock file itself is owned by our userid? Someone could
always chown it of course but short of that if it's owned by our userid then
surely the process that created it had to be our userid as well?

--
greg

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2005-03-17 22:51:25 Re: depended on table types
Previous Message Andrew Dunstan 2005-03-17 22:34:22 depended on table types