| From: | David Steele <david(at)pgmasters(dot)net> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: That mode-700 check on DATADIR again |
| Date: | 2017-12-13 15:54:30 |
| Message-ID: | 83693f40-6610-1e6a-0252-db197150f2f0@pgmasters.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 12/11/17 9:41 PM, Chapman Flack wrote:
> I have, more or less, this classic question:
>
> https://www.postgresql.org/message-id/4667C403.1070807%40t3go.de
<snip>
> However, when you stat a file with a POSIX ACL, you get shown the
> ACL's 'mask' entry (essentially the ceiling of all the 'extra' ACL
> entries) in place of the old-fashioned group bits. So in a
> non-ACL-aware ls or stat, the above looks like:
>
> [data]# ls -ld
> drwxr-x---+ 22 postgres postgres 4096 Dec 11 18:14 .
>
> ... and postgres refuses to start because it mistakes the r-x for
> 'group' permissions. ACLs have added new semantics to POSIX
> permissions, and postgres doesn't understand them when it makes this
> hey-don't-shoot-your-foot check.
I'm working on a patch that allows $PGDATA to have group r-x so that a
non-privileged user in the group can do a file-level backup.
However, it looks like it would work for your case as well based on your
ACL.
I'm planning to have the patch ready sometime next week and I'll respond
here once it goes into the CF. Reviews would be welcome!
Thanks,
--
-David
david(at)pgmasters(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2017-12-13 16:55:01 | Re: [HACKERS] Custom compression methods |
| Previous Message | Peter Eisentraut | 2017-12-13 15:45:08 | Re: WIP: a way forward on bootstrap data |