Re: pg_basebackup ignores the existing data directory permissions

On Fri, Mar 22, 2019 at 11:42 AM Michael Paquier <michael(at)paquier(dot)xyz>
wrote:

> On Thu, Mar 21, 2019 at 02:56:24PM -0400, Robert Haas wrote:
> > On Tue, Mar 19, 2019 at 2:29 AM Michael Paquier <michael(at)paquier(dot)xyz>
> wrote:
> >> Hm. We have been assuming that the contents of a base backup inherit
> >> the permission of the source when using pg_basebackup because this
> >> allows users to keep a nodes in a consistent state without deciding
> >> which option to use. Do you mean that you would like to enforce the
> >> permissions of only the root directory if it exists? Or the root
> >> directory with all its contents? The former may be fine. The latter
> >> is definitely not.
> >
> > Why not?
>
> Because we have released v11 so as we respect the permissions set on
> the source instead from which the backup is taken for all the folder's
> content. If we begin to enforce it we may break some cases. If a new
> option is introduced, it seems to me that the default should remain
> what has been released with v11, but that it is additionally possible
> to enforce group permissions or non-group permissions at will on the
> backup taken for all the contents in the data folder, including the
> root folder, created manually or not before running the pg_basebackup
> command.
>

How about letting the pg_basebackup to decide group permissions of the
standby directory irrespective of the primary directory permissions.

Default - permissions are same as primary
--allow-group-access - standby directory have group access permissions
--no-group--access - standby directory doesn't have group permissions

The last two options behave irrespective of the primary directory
permissions.

opinions?

Regards,
Haribabu Kommi
Fujitsu Australia