Re: [PG19-3 PATCH] Don't ignore passfile

On Mon, Sep 8, 2025 at 11:20 AM Paul Ohlhauser
<bendix(dot)ohlhauser(at)gmail(dot)com> wrote:
> And I propose one or more of the following solutions:
> - 1. Make the warning clearer by stating that passfile is ignored (B)
> - 2. Change the warning to be an error (A,B)
> - 3. Allow group permissions (C)
> - 4. Just warn, don't ignore (A,B,C)
>
> Option 4 is the easiest and the patch I submitted but does not seem to be well received
> Option 1 is the bare minimum IMO - it's still not great though
> I'd like to see options 2 & 3 (same behavior as SSH)

I think clarifying the warning is probably an acceptable change as
long as the new wording is equally clear and doesn't add much to the
length of the message. Of course, I don't have the only vote here.

Changing the warning to an error wouldn't bother me a great deal, but
we'd probably need more than just you voting for that alternative to
justify overturning longstanding behavior.

I don't really know what I think about allowing group permissions.
It's reasonable in the sense that we have an option to allow that for
$PGDATA, but OTOH we have no real understanding of Windows permissions
or Linux ACLs or SELinux security constraints, so that idea that we
can force "safe" permissions is a little bit laughable.

--
Robert Haas
EDB: http://www.enterprisedb.com