From: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: pg_basebackup ignores the existing data directory permissions |
Date: | 2019-03-22 03:45:24 |
Message-ID: | CAJrrPGc=LToy2ttY=ZwCS1CeXf9bn7Hzg7kxbyKwkfvawk6_8Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Mar 22, 2019 at 11:42 AM Michael Paquier <michael(at)paquier(dot)xyz>
wrote:
> On Thu, Mar 21, 2019 at 02:56:24PM -0400, Robert Haas wrote:
> > On Tue, Mar 19, 2019 at 2:29 AM Michael Paquier <michael(at)paquier(dot)xyz>
> wrote:
> >> Hm. We have been assuming that the contents of a base backup inherit
> >> the permission of the source when using pg_basebackup because this
> >> allows users to keep a nodes in a consistent state without deciding
> >> which option to use. Do you mean that you would like to enforce the
> >> permissions of only the root directory if it exists? Or the root
> >> directory with all its contents? The former may be fine. The latter
> >> is definitely not.
> >
> > Why not?
>
> Because we have released v11 so as we respect the permissions set on
> the source instead from which the backup is taken for all the folder's
> content. If we begin to enforce it we may break some cases. If a new
> option is introduced, it seems to me that the default should remain
> what has been released with v11, but that it is additionally possible
> to enforce group permissions or non-group permissions at will on the
> backup taken for all the contents in the data folder, including the
> root folder, created manually or not before running the pg_basebackup
> command.
>
How about letting the pg_basebackup to decide group permissions of the
standby directory irrespective of the primary directory permissions.
Default - permissions are same as primary
--allow-group-access - standby directory have group access permissions
--no-group--access - standby directory doesn't have group permissions
The last two options behave irrespective of the primary directory
permissions.
opinions?
Regards,
Haribabu Kommi
Fujitsu Australia
From | Date | Subject | |
---|---|---|---|
Next Message | Oleg Bartunov | 2019-03-22 03:46:35 | Re: jsonpath |
Previous Message | Haribabu Kommi | 2019-03-22 03:35:41 | Re: current_logfiles not following group access and instead follows log_file_mode permissions |