Re: pg_basebackup ignores the existing data directory permissions

On Fri, Mar 29, 2019 at 6:05 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> On 2019-03-26 03:26, Michael Paquier wrote:
> > Do we really want to extend the replication protocol to control that?
>
> Perhaps we are losing sight of the original problem, which is that if
> you create the target directory with the wrong permissions then ... it
> has the wrong permissions. And you are free to change the permissions
> at any time. Many of the proposed solutions sound excessively
> complicated relative to that.

I don't think I agree with that characterization of the problem. I
mean, what do you mean by "wrong"? Perhaps you created the directory
with the "right" permissions, i.e. those you actually wanted, and then
pg_basebackup rather rudely insisted on ignoring them when it decided
how to set the permissions for the files inside that directory. On the
other hand, perhaps you wished to abdicate responsibility for security
decisions to whatever rule pg_basebackup uses, and it rather rudely
didn't bother to enforce that decision on the top level directory,
forcing you to think about a question you had decided to ignore.

I am not sure what solution is best here, but it is hard to imagine
that the status quo is the right thing.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company