Re: PATCH: Configurable file mode mask

From: David Steele <david(at)pgmasters(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>, "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>
Cc: Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>
Subject: Re: PATCH: Configurable file mode mask
Date: 2017-03-13 16:56:01
Message-ID: 2db918f7-c4f7-1e4e-15b6-1305971b80bf@pgmasters.net
Lists: pgsql-hackers

On 3/10/17 8:34 AM, Stephen Frost wrote:
> Greetings,
>
> * Tsunakawa, Takayuki (tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com) wrote:
>> From: pgsql-hackers-owner(at)postgresql(dot)org
>>> [mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of David Steele
>>> PostgreSQL currently requires the file mode mask (umask) to be 0077.
>>> However, this precludes the possibility of a user in the postgres group
>>> performing a backup (or whatever). Now that
>>> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
>>> unprivileged user, it makes sense to also allow a (relatively) unprivileged
>>> user to perform the backup at the file system level as well.
>>
>> I'd like to help review this. First, let me give some questions and comments.

Much appreciated!

>> 3.The default location of the SSL key file is $PGDATA, so the permission of the key file is likely to become 0640. But the current postgres requires it to be 0600. See src/backend/libpq/be-secure-openssl.c.
>
> Yes, that needs to be addressed. There was discussion on another thread
> that it would be useful to support the SSL key file having group read
> access, but since this patch is handling the other files it seems like
> it would make sense to do that change here also.

Perhaps, but since these files are not set up by initdb I'm not sure if
we should be handling their permissions. This seems to be a
distro-specific issue.

It seems to me that it would be best to advise in the docs that these
files should be relocated if they won't be readable by the backup user.
In any event, I'm not convinced that backing up server private keys is a
good idea.

>> 5.I think some explanation about the concept of multiple OS users is necessary, such as here:
>>
>> 16.1. Short Version
>> https://www.postgresql.org/docs/devel/static/install-short.html
>>
>> 18.2. Creating a Database Cluster
>> https://www.postgresql.org/docs/devel/static/creating-cluster.html
>
> I agree that we should update the documentation for this, including those.

We'll add that to the next patch.

Thanks,
--
-David
david(at)pgmasters(dot)net
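The conflict raised in point 3 above can be made concrete: a relaxed umask that lets a backup user in the postgres group read the data files also makes a key file created in $PGDATA group-readable, which a u=rw-or-less rule then rejects. The following is an added example written for this page, not code from the patch or from PostgreSQL itself. It assumes the key check amounts to "no group or world bits may be set" (as described in the quoted message), that the key file is named server.key, and it builds a small constructed data directory under a chosen umask to audit.

```python
"""Model the umask vs. private-key permission conflict described above.

Constructed example: builds a throwaway PGDATA-like tree, creates files
under a given umask, then audits it from the point of view of a backup
user in the postgres group. Not PostgreSQL's own code.
"""
import os
import stat
import tempfile

# Assumption: files that must stay private to the server user (u=rw or less).
PRIVATE_KEY_NAMES = ("server.key",)


def file_mode_under_umask(umask: int, create_mode: int = 0o666) -> int:
    """Mode a newly created regular file gets: create_mode with umask bits cleared."""
    return create_mode & ~umask & 0o777


def key_file_permissions_ok(mode: int) -> bool:
    """Assumed key-file rule: reject any group or world bits (0600 or less passes)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def group_can_read(mode: int) -> bool:
    """Whether a member of the owning group can read a file with this mode."""
    return bool(mode & stat.S_IRGRP)


def audit_data_dir(pgdata: str) -> dict:
    """Walk a data directory and report two classes of problems.

    not_group_readable: regular files a backup user in the group cannot read.
    key_too_open:       private key files that carry group or world bits.
    Paths are returned relative to pgdata and sorted for deterministic output.
    """
    result = {"not_group_readable": [], "key_too_open": []}
    for root, _dirs, files in os.walk(pgdata):
        for name in files:
            path = os.path.join(root, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            rel = os.path.relpath(path, pgdata)
            if name in PRIVATE_KEY_NAMES:
                if not key_file_permissions_ok(mode):
                    result["key_too_open"].append(rel)
            elif not group_can_read(mode):
                result["not_group_readable"].append(rel)
    for key in result:
        result[key].sort()
    return result


def demo(umask: int) -> dict:
    """Create a constructed data directory under `umask` and audit it."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as pgdata:
            # Constructed file names only; no real cluster is involved.
            for rel in ("PG_VERSION", "global/pg_control", "base/1/1259", "server.key"):
                path = os.path.join(pgdata, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:  # created with 0666 & ~umask
                    fh.write("x\n")
            return audit_data_dir(pgdata)
    finally:
        os.umask(old)


if __name__ == "__main__":
    for um in (0o077, 0o027):
        print(f"umask {um:04o}: data files get {file_mode_under_umask(um):04o}")
        print("  ", demo(um))
```

Under umask 0077 every file is 0600, so the key check passes but the backup user can read nothing; under umask 0027 the data files become 0640 and readable, and the same umask turns server.key into 0640, which the key rule rejects. That is why the message suggests relocating such files (or documenting the requirement) rather than letting the data-directory mask govern them.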

Browse pgsql-hackers by date
Next Message: Tom Lane, 2017-03-13 17:03:38, Re: PATCH: Configurable file mode mask
Previous Message: David Steele, 2017-03-13 16:42:03, Re: PATCH: Configurable file mode mask