From: | David Steele <david(at)pgmasters(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Suralkar, Yogendra (Yogendra)" <suralkary(at)avaya(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>, "Porob, Dattaram (Datta)" <porobd(at)avaya(dot)com>, "Oswal, Prashant (Prashant) **CTR**" <poswal(at)avaya(dot)com>, "Patil, Parag (Parag)" <paragp(at)avaya(dot)com>, "Devaraj, Sankar (Sankar)" <devarajs(at)avaya(dot)com>, "Singh, Payal (Payal) **CTR**" <payals(at)avaya(dot)com> |
Subject: | Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640 |
Date: | 2022-05-26 20:01:49 |
Message-ID: | ff6b518a-36bf-f400-39c6-a02a44650c4d@pgmasters.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On 5/26/22 2:16 PM, Tom Lane wrote:
> David Steele <david(at)pgmasters(dot)net> writes:
>> On 5/24/22 16:05, Tom Lane wrote:
>>> After further poking at this, I see that we also have to drop the check of
>>> file ownership. That was already dropped once long ago (3405f2b9253), on
>>> the grounds that if the file has suitable permissions but its ownership
>>> isn't what we expect then our read attempt will fail, so we needn't check
>>> ownership explicitly. While I'd prefer a more explicit error than the
>>> "Permission denied" that you get with this approach, the intent of this
>>> patch was not to create any new failure modes, so I think we're stuck
>>> with that.
>
>> That makes sense. Seems I should have dug further into why the server
>> does this but the client does not.
>
> Pushed that.
Excellent. Thank you!
>>> Open questions:
>>> * This puts us back into a situation where the frontend and server tests
>>> are not in sync. Do we want to relax the server's checks to match this,
>>> or just leave that side as it stands?
>
>> I'm inclined to leave it as is in the back branches to avoid any other
>> unintended consequences. Perhaps we could make the change for PG15?
>
> Yeah, I'm unenthused now about touching this in the back branches.
> But do we want to do it in HEAD, or just leave well enough alone?
After thinking on it for a bit I believe we should leave well enough
alone. This code is rarely touched so I don't think it's a very big deal.
Regards,
--
-David
david(at)pgmasters(dot)net
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2022-05-26 21:35:13 | Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640 |
Previous Message | Tom Lane | 2022-05-26 18:16:21 | Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640 |