| Field | Value |
|---|---|
| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: initdb -S versus superuser check and Windows restricted mode |
| Date: | 2015-05-30 08:19:50 |
| Message-ID: | CAB7nPqQW1scFS3VqqrDD6ATSev+jiuXp+SUVP=yY7PAAg4i=mw@mail.gmail.com |
| Lists: | pgsql-hackers |
On Sat, May 30, 2015 at 6:08 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> I noticed that if you use "initdb -S", the code does its thing and
> exits without ever calling get_restricted_token(). It doesn't get
> to get_id() where the no-superuser check is, either. Is this OK,
> or should we reorder the operations so that fsyncing is done with
> the usual restricted privileges?
>
> You could argue that it's harmless to let root do a bunch of fsyncs,
> and that's probably true, but on the other hand this doesn't meet
> our usual expectations that no significant PG code runs as root.
>
> Thoughts?
There is indeed no harm in letting root do only fsync, but FWIW my
vote goes for consistency with the other utilities that manipulate
PGDATA and move the calls of get_restricted_token() and get_id()
before option parsing with a HEAD-only change.
--
Michael
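The ordering problem raised in this thread, reduced to a small model as an added example (this is not PostgreSQL's initdb code, and `refuse_root`, `run_check_after_options` and `run_check_before_options` are hypothetical names). The "-S" sync-only path returns before the no-superuser check is reached, so a root caller gets through on that path only; moving the check ahead of any option-dependent branch closes the gap on every path. The effective uid is passed in as a parameter so the two orderings can be exercised without actually running as root; `main` uses the real `geteuid()`.

```c
/* Added example, not PostgreSQL's code: a minimal model of a tool with a
 * normal initialization path and a sync-only path ("-S"), and a check that
 * refuses to run as the superuser. The point is where that check sits. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum outcome { OK_SYNC = 0, OK_INIT = 1, REFUSED_ROOT = 2 };

/* Hypothetical stand-in for the no-superuser check: uid 0 is refused.
 * The uid is a parameter so the logic can be tested as an ordinary user. */
static bool refuse_root(uid_t euid)
{
    if (euid == 0) {
        fprintf(stderr, "cannot be run as root\n");
        return true;
    }
    return false;
}

/* opt is the single command-line option given, or "" when there is none. */
static bool wants_sync_only(const char *opt)
{
    return strcmp(opt, "-S") == 0;
}

/* Ordering described in the thread: the sync-only branch exits before the
 * privilege check runs, so root can reach the fsync work on that path. */
static int run_check_after_options(const char *opt, uid_t euid)
{
    if (wants_sync_only(opt))
        return OK_SYNC;          /* fsync everything and exit: check skipped */
    if (refuse_root(euid))
        return REFUSED_ROOT;
    return OK_INIT;
}

/* Corrected ordering: the check precedes every option-dependent branch,
 * so no path can bypass it. */
static int run_check_before_options(const char *opt, uid_t euid)
{
    if (refuse_root(euid))
        return REFUSED_ROOT;
    if (wants_sync_only(opt))
        return OK_SYNC;
    return OK_INIT;
}

int main(int argc, char **argv)
{
    /* Real invocation: first option (if any) and the process's own euid. */
    const char *opt = argc > 1 ? argv[1] : "";
    int rc = run_check_before_options(opt, geteuid());
    printf("result: %d\n", rc);
    return rc == REFUSED_ROOT ? 1 : 0;
}
```

The same reasoning applies to any privilege-dropping or restricted-token step: it has to run unconditionally at program start, before the code learns which mode it was asked for.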