Re: pg_basebackup ignores the existing data directory permissions

On Mon, Mar 18, 2019 at 11:36 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 2019-03-18 14:47, Robert Haas wrote:
> >> Based on the feedback gathered, having a separate option to enforce
> >> the default and not touching the behavior implemented until now,
> >> sounds fine to me.
> > That's not what I'm proposing. I think the behavior implemented until
> > now is not best, because the files within the directory should inherit
> > the directory's permissions, not the remote side's permissions.
>
> I'm strongly in favor of keeping initdb and pg_basebackup options
> similar and consistent. They are both ways to initialize data directories.
>
> You'll note that initdb does not behave the way you describe. It's not
> unreasonable behavior, but it's not the way it currently works.

So you want to default to no group access regardless of the directory
permissions, with an option to enable group access that must be
explicitly specified? That seems like a reasonable option to me; note
that initdb does seem to chdir() an existing directory.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company