Re: pgsql: Prevent running pg_basebackup as root

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: Re: pgsql: Prevent running pg_basebackup as root
Date: 2020-02-05 17:22:59
Message-ID: 20200205172259.GW3195@tamriel.snowman.net
Lists: pgsql-committers pgsql-hackers

Greetings,

* Michael Paquier (michael(at)paquier(dot)xyz) wrote:
> Prevent running pg_basebackup as root
>
> Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use
> --version and --help, but cannot execute the actual operation to avoid
> the creation of files with permissions incompatible with the
> postmaster.
>
> This is a behavior change, so no back-patching is done.

While it's maybe not ideal, surely there isn't an actual issue if
pg_basebackup is run as root with -Ft, is there..?

There's possibly something to be said about the fact that we hard-code
the username/groupname in the tar file too (interestingly, we actually
do pass through the uid/gid..)- perhaps we should actually be passing
the username/groupname through, but if we did do something like that
then having pg_basebackup running as root would be necessary if we want
to preserve the file ownership.

In any case, sorry for not responding on this sooner (was traveling for
FOSDEM and such), but I'm not really convinced this is something we want
and it certainly breaks at least somewhat reasonable use-cases when you
think about using pg_basebackup with -Ft. In that vein, this change is
kinda like saying "you can't run pg_dump as root"..

Thanks,

Stephen
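
As an added illustration (not code from the PostgreSQL tree or from either author), the start-up check described in the quoted commit message is sketched here beside a hypothetical variant that exempts tar output, the case the reply raises. The function names, the `exempt_tar` switch and the simplified option scan are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum decision { INFO_ONLY, REFUSE_ROOT, PROCEED };

/* Assumption: --help/--version are honoured only as the first argument. */
static int is_info_request(int argc, char **argv)
{
    if (argc < 2)
        return 0;
    return strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0 ||
           strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0;
}

/* Simplified scan for -Ft, -F t, --format=t|tar; a real tool would decide
 * this after full option parsing. Plain format is the default. */
static int wants_tar(int argc, char **argv)
{
    int tar = 0;
    for (int i = 1; i < argc; i++)
    {
        const char *v = NULL;
        if (strncmp(argv[i], "--format=", 9) == 0)
            v = argv[i] + 9;
        else if (strncmp(argv[i], "-F", 2) == 0)
            v = argv[i][2] ? argv[i] + 2 : (i + 1 < argc ? argv[++i] : NULL);
        if (v)                  /* last occurrence wins */
            tar = strcmp(v, "t") == 0 || strcmp(v, "tar") == 0;
    }
    return tar;
}

/* exempt_tar = 0: refuse root for every real operation (commit message).
 * exempt_tar = 1: hypothetical variant, root allowed when output is tar. */
enum decision root_check(int argc, char **argv, uid_t euid, int exempt_tar)
{
    if (is_info_request(argc, argv))
        return INFO_ONLY;
    if (euid == 0 && !(exempt_tar && wants_tar(argc, argv)))
        return REFUSE_ROOT;
    return PROCEED;
}

int main(void)
{
    char *args[] = {"pg_basebackup", "-D", "/constructed/backup", "-Ft"}; /* constructed */
    printf("committed: %d, variant: %d\n",
           root_check(4, args, 0, 0), root_check(4, args, 0, 1));
    return 0;
}
```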
