From: David Steele <david(at)pgmasters(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>
Subject: Re: PATCH: Configurable file mode mask
Date: 2017-03-13 16:42:03
Message-ID: c77e262f-2d6c-9543-67e1-e9eda26ec11d@pgmasters.net
Lists: pgsql-hackers

On 3/10/17 8:12 AM, Stephen Frost wrote:
> Peter,
>
> * Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
>> On 2/28/17 20:58, David Steele wrote:
>>> This patch introduces a new initdb param, -u/--file-mode-mask, and a new
>>> GUC, file_mode_mask, to allow the default mode of files and directories
>>> in the $PGDATA directory to be modified.
>>
>> The postmaster.pid file appears not to observe the configured mask.
>
> Good point, it should.
Leaving the mask on this file as-is was intentional. At miscinit.c:829:
/* Think not to make the file protection weaker than 0600. See comments
below. */
At miscinit.c:893:
/* We can treat the EPERM-error case as okay because that error implies
that the existing process has a different userid than we do, which means
it cannot be a competing postmaster. A postmaster cannot successfully
attach to a data directory owned by a userid other than its own. (This
is now checked directly in checkDataDir(), but has been true for a long
time because of the restriction that the data directory isn't group- or
world-accessible.) Also, since we create the lockfiles mode 600, we'd
have failed above if the lockfile belonged to another userid --- which
means that whatever process kill() is reporting about isn't the one that
made the lockfile. (NOTE: this last consideration is the only one that
keeps us from blowing away a Unix socket file belonging to an instance
of Postgres being run by someone else, at least on machines where /tmp
hasn't got a stickybit.) */
I can't see why this explanation does not continue to hold even if
permissions for other files are changed. For the use cases I envision,
I don't think being able to read/manipulate postmaster.pid is important,
only to detect that it is present.
>> There ought to be a test, perhaps under src/bin/initdb/, to check for
>> that kind of thing.
>
> Good idea.
Agreed, will add to next patch.
>> There is no documentation update for initdb.
>
The --file-mode-mask option was added to the option list, but you are
probably referring to a paragraph under description. Will add to the
next patch.
--
-David
david(at)pgmasters(dot)net
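The permission argument in the message above (ordinary data files follow the configured mask, while postmaster.pid is deliberately created 0600 and the kill() probe treats EPERM as "a different userid, so not a competing postmaster") is illustrated by the following example. It is added here for this page and is not code from the patch or from PostgreSQL's miscinit.c; the base mode 0o666 for data files, the function names and the temporary directory layout are assumptions made for the demonstration.

```python
import os
import stat
import tempfile

# Assumed base mode requested for ordinary data files before the configured
# file_mode_mask is applied (hypothetical value chosen for this example).
DATA_FILE_BASE_MODE = 0o666
# The pid lock file is always created 0600, whatever mask is configured.
LOCKFILE_MODE = 0o600


def effective_mode(base_mode: int, file_mode_mask: int) -> int:
    """Permission bits an ordinary data file ends up with once the mask is applied."""
    return stat.S_IMODE(base_mode & ~file_mode_mask)


def create_data_file(path: str, file_mode_mask: int) -> int:
    """Create a data file honouring the configured mask; return its resulting mode."""
    old_mask = os.umask(file_mode_mask)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, DATA_FILE_BASE_MODE)
        os.close(fd)
    finally:
        os.umask(old_mask)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_lockfile(path: str, pid: int) -> int:
    """Create the pid lock file at 0600 regardless of the mask; return its mode.

    The process umask can only strip bits from 0600, never add group or other
    access, so the lock file can never be weaker than 0600.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, LOCKFILE_MODE)
    with os.fdopen(fd, "w") as f:
        f.write(f"{pid}\n")
    return stat.S_IMODE(os.stat(path).st_mode)


def lockfile_is_protected(mode: int) -> bool:
    """True when no group or other bits are set, i.e. not weaker than 0600."""
    return (mode & 0o077) == 0


def classify_lockfile_pid(pid: int) -> str:
    """Probe the pid recorded in an existing lock file with kill(pid, 0).

    'alive'      -> a process we may signal: possibly a competing postmaster
    'stale'      -> ESRCH: no such process, the lock file is left over
    'other-user' -> EPERM: the process belongs to a different userid, which
                    cannot be a postmaster attached to our data directory
    """
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return "stale"
    except PermissionError:
        return "other-user"
    return "alive"


def run_demo(file_mode_mask: int = 0o007) -> dict:
    """Create one data file and one lock file in a fresh temporary directory
    using a permissive mask (0o007 leaves group read/write) and report modes."""
    workdir = tempfile.mkdtemp(prefix="pgdata-demo-")
    data_mode = create_data_file(os.path.join(workdir, "datafile"), file_mode_mask)
    lock_mode = create_lockfile(os.path.join(workdir, "postmaster.pid"), os.getpid())
    return {
        "data_mode": data_mode,                      # 0o660 with the default mask here
        "lock_mode": lock_mode,                      # stays 0o600
        "lock_protected": lockfile_is_protected(lock_mode),
        "own_pid": classify_lockfile_pid(os.getpid()),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, oct(value) if type(value) is int else value)
```

Running the block shows the data file picking up group access from the mask while postmaster.pid stays at 0600; classify_lockfile_pid() on the current process reports "alive", and the EPERM branch is what lets a reader of the lock file conclude that the recorded process belongs to someone else and therefore cannot be a competing postmaster on the same data directory.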