| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, David Steele <david(at)pgmasters(dot)net>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com> |
| Subject: | Re: PATCH: Configurable file mode mask |
| Date: | 2017-03-06 13:52:42 |
| Message-ID: | 20170306135242.GK9812@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom,
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Simon Riggs <simon(at)2ndquadrant(dot)com> writes:
> > On 1 March 2017 at 01:58, David Steele <david(at)pgmasters(dot)net> wrote:
> >> PostgreSQL currently requires the file mode mask (umask) to be 0077.
> >> However, this precludes the possibility of a user in the postgres group
> >> performing a backup (or whatever). Now that
> >> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
> >> unprivileged user, it makes sense to also allow a (relatively)
> >> unprivileged user to perform the backup at the file system level as well.
>
> > +1
>
> I'd ask what is the point, considering that we don't view "cp -a" as a
> supported backup technique in the first place.
The point is to allow backups to be performed as a user who only has
read-only access to the files and is a non-superuser in the database.
With the changes to allow GRANT'ing of the pg_start/stop_backup and
related functions and these changes to allow the files to be group
readable, that will be possible using a tool such as pgbackrest, not
just with a "cp -a".
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2017-03-06 13:57:30 | Re: WIP: [[Parallel] Shared] Hash |
| Previous Message | Stephen Frost | 2017-03-06 13:50:20 | Re: PATCH: Configurable file mode mask |