| From: | Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | michael(at)paquier(dot)xyz |
| Cc: | kommi(dot)haribabu(at)gmail(dot)com, magnus(at)hagander(dot)net, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pg_basebackup ignores the existing data directory permissions |
| Date: | 2019-02-15 00:24:15 |
| Message-ID: | 20190215.092415.55740969.horiguchi.kyotaro@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At Fri, 15 Feb 2019 08:15:24 +0900, Michael Paquier <michael(at)paquier(dot)xyz> wrote in <20190214231524(dot)GC2240(at)paquier(dot)xyz>
> On Thu, Feb 14, 2019 at 11:21:19PM +1100, Haribabu Kommi wrote:
> > On Thu, Feb 14, 2019 at 8:57 PM Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> >> I think it could be argued that neither initdb *or* pg_basebackup should
> >> change the permissions on an existing directory, because the admin may have
> >> done that intentionally. But when they do create the directory, they should
> >> follow the same patterns.
> >
> > Hmm, even if the administrator set some specific permissions to the data
> > directory, PostgreSQL server doesn't allow server to start if the
> > permissions are not (0700) for versions less than 11 and (0700 or
> > 0750) for version 11 or later.
>
> Yes, particularly with pg_basebackup -R this adds an extra step in the
> user flow.
I disagree that pg_basebackup rejects directories other than
specific permissions, since it is just a binary backup tool,
which is not exclusive to making replication-standby. It ought to
be runnable and actually runnable by any OS users even by root,
for who postgres rejects to start. As mentioned upthread, it is
safe-side failure that server rejects to run on it.
> > To let the user to use the PostgreSQL server, user must change the
> > permissions of the data directory. So, I don't see a problem in
> > changing the permissions by these tools.
>
> I certainly agree with the point of Magnus that both tools should
> behave consistently, and I cannot actually imagine why it would be
> useful for an admin to keep a more permissive data folder while all
> the contents already have umasks set at the same level as the primary
> (or what initdb has been told to use), but perhaps I lack imagination.
> If we doubt about potential user impact, the usual, best, answer is to
> let back-branches behave the way they do now, and only do something on
> HEAD.
initdb is to create a directory on which server works and rather
rejects existing directory, so I think the "incosistency" seems
fine.
I can live with some new options, say --create-New-directory or
--check-directory-Permission.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jamison, Kirk | 2019-02-15 01:15:17 | RE: idle-in-transaction timeout error does not give a hint |
| Previous Message | Alvaro Herrera | 2019-02-15 00:22:08 | Re: Using POPCNT and other advanced bit manipulation instructions |