Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640

On 5/26/22 2:16 PM, Tom Lane wrote:
> David Steele <david(at)pgmasters(dot)net> writes:
>> On 5/24/22 16:05, Tom Lane wrote:
>>> After further poking at this, I see that we also have to drop the check of
>>> file ownership. That was already dropped once long ago (3405f2b9253), on
>>> the grounds that if the file has suitable permissions but its ownership
>>> isn't what we expect then our read attempt will fail, so we needn't check
>>> ownership explicitly. While I'd prefer a more explicit error than the
>>> "Permission denied" that you get with this approach, the intent of this
>>> patch was not to create any new failure modes, so I think we're stuck
>>> with that.
>
>> That makes sense. Seems I should have dug further into why the server
>> does this but the client does not.
>
> Pushed that.

Excellent. Thank you!

>>> Open questions:
>>> * This puts us back into a situation where the frontend and server tests
>>> are not in sync. Do we want to relax the server's checks to match this,
>>> or just leave that side as it stands?
>
>> I'm inclined to leave it as is in the back branches to avoid any other
>> unintended consequences. Perhaps we could make the change for PG15?
>
> Yeah, I'm unenthused now about touching this in the back branches.
> But do we want to do it in HEAD, or just leave well enough alone?

After thinking on it for a bit I believe we should leave well enough
alone. This code is rarely touched so I don't think it's a very big deal.

Regards,
--
-David
david(at)pgmasters(dot)net