Re: pg_basebackup ignores the existing data directory permissions

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: pg_basebackup ignores the existing data directory permissions
Date: 2019-03-19 07:34:12
Message-ID: CAJrrPGfKZ3AaOS6r8Y4Xhv=MGoawg3tOHTQMn6DwT5kozcL_tw@mail.gmail.com
Lists: pgsql-hackers

On Tue, Mar 19, 2019 at 5:29 PM Michael Paquier <michael(at)paquier(dot)xyz> wrote:

> On Mon, Mar 18, 2019 at 11:45:05AM -0400, Robert Haas wrote:
> > So you want to default to no group access regardless of the directory
> > permissions, with an option to enable group access that must be
> > explicitly specified? That seems like a reasonable option to me; note
> > that initdb does seem to chdir() an existing directory.
>
> Hm. We have been assuming that the contents of a base backup inherit
> the permission of the source when using pg_basebackup because this
> allows users to keep nodes in a consistent state without deciding
> which option to use. Do you mean that you would like to enforce the
> permissions of only the root directory if it exists? Or the root
> directory with all its contents? The former may be fine. The latter
> is definitely not.
>

As per my understanding going through the discussion, the option is for
the root directory with all its contents also.

How about the following change?

pg_basebackup --> copies the contents of the src directory (with group
access) and even the root directory permissions.

pg_basebackup --no-group-access --> copies the contents of the src
directory (with no group access) even for the root directory.

So the default behavior works for many people; others that need the
restricted behavior can use the new option.

Regards,
Haribabu Kommi
Fujitsu Australia
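
An added example, not part of the original message and not PostgreSQL code: a Python audit of a backup target against the two behaviours discussed above, reporting the root directory separately from its contents. The mode masks assume group access means directories 0750 and files 0640, and no group access means 0700 and 0600; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Permission bits that must be clear under each behaviour (assumed modes:
# group access = dirs 0750 / files 0640, no group access = 0700 / 0600).
FORBIDDEN = {"group-access": 0o027, "no-group-access": 0o077}


def audit_tree(root, policy):
    """Return sorted (relative path, octal mode) pairs violating the policy.

    The root directory is reported as "." so a mismatch on the root alone
    can be told apart from one that affects its contents.
    """
    mask = FORBIDDEN[policy]
    bad = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            mode = stat.S_IMODE(st.st_mode)
            if mode & mask:
                bad.append((os.path.relpath(path, root), oct(mode)))
    return sorted(bad)


def build_sample(root_mode, dir_mode, file_mode):
    """Create a constructed stand-in for a backup target directory."""
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "base")
    os.mkdir(sub)
    datafile = os.path.join(sub, "1234")
    open(datafile, "w").close()
    os.chmod(datafile, file_mode)
    os.chmod(sub, dir_mode)
    os.chmod(root, root_mode)
    return root


if __name__ == "__main__":
    # Pre-existing root left at 0755 while the copied contents are owner-only.
    target = build_sample(0o755, 0o700, 0o600)
    for policy in FORBIDDEN:
        print(policy, audit_tree(target, policy))
```
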
