Re: pg_basebackup ignores the existing data directory permissions

On Tue, Mar 26, 2019 at 1:27 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> On Sun, Mar 24, 2019 at 10:30:47PM +1100, Haribabu Kommi wrote:
> > With the above additional options, the pg_basebackup is able to control
> > the access permissions of the backup files, but when it comes to tar mode
> > all the files are sent from the server and stored as it is in backup, to
> > support
> > tar mode group access mode control, the BASE BACKUP protocol is
> > enhanced with new option GROUP_MODE 'none' or GROUP_MODE 'group'
> > to control the file permissions before they are sent to backup. Sending
> > GROUP_MODE to the server depends on the -g option received to the
> > pg_basebackup utility.
>
>
Thanks for the review.

> Do we really want to extend the replication protocol to control that?
>

As the backup data is passed in tar format and if the pg_basebackup
is also storing it in tar format, i feel changing the permissions on tar
creation is easier than regenerating the received tar with different
permissions at pg_basebackup side.

Other than tar format, changing only in pg_basebackup can support
independent group access permissions of the standby directory.

I am really questioning if we should keep this stuff isolated within
> pg_basebackup or not. At the same time, it may be confusing to have
> BASE_BACKUP only use the permissions inherited from the data
> directory, so some input from folks maintaining an external backup
> tool is welcome.
>

That would be good to hear what other external backup tool authors
think of this change.

Regards,
Haribabu Kommi
Fujitsu Australia