Re: PATCH: Configurable file mode mask

From: David Steele <david(at)pgmasters(dot)net>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: Configurable file mode mask
Date: 2018-03-13 16:19:07
Message-ID: 752925bd-df5c-2225-3ddf-17801fc47df8@pgmasters.net
Lists: pgsql-hackers

Hi Michael,

On 3/12/18 3:28 AM, Michael Paquier wrote:
> On Fri, Mar 09, 2018 at 01:51:14PM -0500, David Steele wrote:
>> How about a GUC that enforces one mode or the other on startup? Default
>> would be 700. The GUC can be set automatically by initdb based on the
>> -g option. We had this GUC originally, but since the front-end tools
>> can't read it we abandoned it. Seems like it would be good as an
>> enforcing mechanism, though.
>
> Hm. OK. I can see the whole set of points about that. Please let me
> think a bit more about that bit. Do you think that there could be a
> pool of users willing to switch from one mode to another? Compared to
> your v1, we could indeed have a GUC which enforces a restriction to not
> allow group access, and enabled by default. As the commit fest is
> running and we don't have a clear picture yet, I am afraid that it may
> be better to move that to v12, and focus on getting patches 1 and 2
> committed. This will provide a good base for the next move.
>
> There are three places where things are still not correct:
>
> - if (chmod(location, S_IRWXU) != 0)
> + current_umask = umask(0);
> + umask(current_umask);
> +
> + if (chmod(location, PG_DIR_MODE_DEFAULT & ~current_umask) != 0)
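
Review bot: The umask(0) / umask(current_umask) pair used here to read the mask leaves the process with an empty umask between the two calls, so anything created in that window gets unmasked permissions, and the final directory mode now depends on whatever umask the process inherited rather than on a fixed value. Since chmod() does not apply the umask itself, consider passing an explicit mode (for example PG_DIR_MODE_DEFAULT alone, or a mode computed once at startup) and dropping the read-back idiom. Whether the result stays as restrictive as the old S_IRWXU depends on the definition of PG_DIR_MODE_DEFAULT, which is not visible in this hunk.
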
> This is in tablespace.c.

I have moved this hunk to 03 and used only PG_DIR_MODE_DEFAULT instead.

> @@ -185,6 +186,9 @@ main(int argc, char **argv)
> exit(1);
> }
>
> + /* Set dir/file mode mask */
> + umask(PG_MODE_MASK_DEFAULT);
> +
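
Review bot: The umask() call is placed after an error-exit block well into main(), so any file or directory the tool creates before this point would still use the inherited umask; confirm nothing earlier writes into PGDATA, or move the call to the top of main(). umask() also replaces the caller's mask rather than tightening it, so if PG_MODE_MASK_DEFAULT is ever less strict than the invoking user's umask the tool will create files more permissively than that user asked for; the comment could say that this override is intended.
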
> In pg_rewind and pg_resetwal, isn't that also a portion which is not
> necessary without the group access feature?

These seem like a good idea to me with or without patch 03. Some of our
front-end tools (initdb, pg_upgrade) were setting umask and others
weren't. I think it's more consistent (and safer) if they all do, at
least if they are writing into PGDATA.

> This is all I have basically for patch 2, which would be good for
> shipping.

Thanks!

I'll attach new patches in a reply to [1] once I have made the changes
Tom requested.

--
-David
david(at)pgmasters(dot)net

[1] https://www.postgresql.org/message-id/22928.1520953220%40sss.pgh.pa.us
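
An added example, not part of this thread or of the PostgreSQL patch: it shows why a tool that writes into PGDATA wants its umask set before it creates anything (mkdir() is filtered by the umask, chmod() is not), plus a startup-style check of the kind the proposed GUC would enforce. The function names, the scratch path and the 0750 group mode are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a directory while `mask` is the process umask and return its
 * permission bits (-1 on error). With use_chmod set, chmod() it to
 * `requested` afterwards; chmod() does not consult the umask. */
static int mode_after(mode_t mask, mode_t requested, int use_chmod)
{
    char base[] = "/tmp/umask_demo_XXXXXX"; /* constructed scratch path */
    char sub[64];
    struct stat st;
    int perms = -1;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(sub, sizeof(sub), "%s/sub", base);

    mode_t old = umask(mask);
    if (mkdir(sub, requested) == 0 &&
        (!use_chmod || chmod(sub, requested) == 0) &&
        stat(sub, &st) == 0)
        perms = (int) (st.st_mode & 0777);
    umask(old); /* restore the caller's mask */

    rmdir(sub);
    rmdir(base);
    return perms;
}

/* Startup-style enforcement: accept a data directory only if it has no
 * permission bits beyond 0700, or beyond 0750 when group access is on.
 * (0750 is this example's assumption for the group mode.) */
static int dir_mode_allowed(int perms, int group_access)
{
    int allowed = group_access ? 0750 : 0700;
    return perms >= 0 && (perms & ~allowed) == 0;
}

int main(void)
{
    printf("mkdir 0777, umask 077: %04o\n", (unsigned) mode_after(0077, 0777, 0));
    printf("chmod 0777, umask 077: %04o\n", (unsigned) mode_after(0077, 0777, 1));
    printf("0750 allowed when owner-only: %d\n", dir_mode_allowed(0750, 0));
    return 0;
}
```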
