Re: pg_basebackup ignores the existing data directory permissions

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: pg_basebackup ignores the existing data directory permissions
Date: 2019-03-24 11:30:47
Message-ID: CAJrrPGeA2qirkrStmGgv-H40pEKr9N=zCpVJxGnwbHB7p8-5Pg@mail.gmail.com
Lists: pgsql-hackers

On Sat, Mar 23, 2019 at 2:23 AM Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:

> On 2019-03-22 05:00, Michael Paquier wrote:
> > On Fri, Mar 22, 2019 at 02:45:24PM +1100, Haribabu Kommi wrote:
> >> How about letting the pg_basebackup to decide group permissions of the
> >> standby directory irrespective of the primary directory permissions.
> >>
> >> Default - permissions are same as primary
> >> --allow-group-access - standby directory have group access permissions
> >> --no-group--access - standby directory doesn't have group permissions
> >>
> >> The last two options behave irrespective of the primary directory
> >> permissions.
> >
> > Yes, I'd imagine that we would want to be able to define three
> > different behaviors, by either having a set of options, or a simple
> > option with a switch, say --group-access:
> > - "inherit" causes the permissions to be inherited from the source
> > node, and that's the default.
> > - "none" enforces the default 0700/0600.
> > - "group" enforces group read access.
>
> Yes, we could use those three behaviors.
>

Thanks for all your opinions. I have attached an updated patch as discussed.

New option -g --group-mode is added to pg_basebackup to specify the
group access permissions.

inherit - same permissions as source instance (default)
none - No group permissions irrespective of source instance
group - group permissions irrespective of source instance

With the above additional options, pg_basebackup is able to control
the access permissions of the backup files. But when it comes to tar mode,
all the files are sent from the server and stored as is in the backup.
To support group access mode control in tar mode, the BASE BACKUP protocol
is enhanced with a new option, GROUP_MODE 'none' or GROUP_MODE 'group',
to control the file permissions before they are sent to the backup. Sending
GROUP_MODE to the server depends on the -g option received by the
pg_basebackup utility.

Comments?

Regards,
Haribabu Kommi
Fujitsu Australia

Attachment Content-Type Size
0001-New-pg_basebackup-g-option-to-control-the-group-acce.patch application/octet-stream 21.4 KB
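
The following C example is added here and is not code from the attached patch or from PostgreSQL. It shows how the three group modes discussed above map to permission bits and how the mode stored in a tar member header can be rewritten (with the header checksum recomputed) so that a tar-format backup carries the requested permissions. All function and enum names are hypothetical, and the 0750/0640 values used for "group" are assumed to be PostgreSQL's group-access modes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names. 0700/0600 is the owner-only default named in the
 * thread; 0750/0640 is assumed to be PostgreSQL's group-read equivalent. */
typedef enum { GM_INHERIT, GM_NONE, GM_GROUP } GroupMode;

static unsigned policy_mode(GroupMode gm, unsigned src, int is_dir)
{
    if (gm == GM_NONE)  return is_dir ? 0700 : 0600;
    if (gm == GM_GROUP) return is_dir ? 0750 : 0640;
    return src & 07777;                 /* inherit: keep the source bits */
}

/* ustar header fields: mode at 100 (8 bytes), checksum at 148 (8), typeflag at 156 */
static unsigned tar_mode(const unsigned char *h)
{
    char f[9] = {0};
    memcpy(f, h + 100, 8);              /* field may lack a NUL terminator */
    return (unsigned) strtoul(f, NULL, 8);
}

static unsigned tar_sum(const unsigned char *h)
{
    unsigned sum = 0;
    for (int i = 0; i < 512; i++)       /* checksum field counts as spaces */
        sum += (i >= 148 && i < 156) ? ' ' : h[i];
    return sum;
}

static void tar_set_mode(unsigned char *h, unsigned mode)
{
    snprintf((char *) h + 100, 8, "%07o", mode & 07777);
    snprintf((char *) h + 148, 8, "%06o", tar_sum(h));
    h[155] = ' ';                       /* checksum layout: six digits, NUL, space */
}

/* Rewrite one 512-byte header in place according to the requested policy. */
static void tar_apply_group_mode(unsigned char *h, GroupMode gm)
{
    tar_set_mode(h, policy_mode(gm, tar_mode(h), h[156] == '5'));
}

int main(void)
{
    unsigned char h[512] = {0};         /* constructed sample header */
    strcpy((char *) h, "base/1/1259");
    h[156] = '0';                       /* regular file */
    tar_set_mode(h, 0640);              /* source cluster had group access */
    tar_apply_group_mode(h, GM_NONE);
    printf("%s -> %04o\n", (char *) h, tar_mode(h));
    return 0;
}
```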
