From 19e42b14119297daf8a4bbedd4578733dd85412b Mon Sep 17 00:00:00 2001 From: Fujii Masao Date: Fri, 15 May 2026 22:47:28 +0900 Subject: [PATCH v2] pg_recvlogical: Honor source cluster file permissions for output files Commit c37b3d08ca6 attempted to preserve group permissions on pg_recvlogical output files when group access was enabled on the source cluster. However, the output files were still created with a fixed S_IRUSR | S_IWUSR mode, preventing group-read permissions from being applied. This commit fixes the issue by creating output files with pg_file_create_mode instead of a hard-coded mode. This allows pg_recvlogical to correctly preserve group permissions from the source cluster. Backpatch to all supported branches. --- doc/src/sgml/ref/pg_recvlogical.sgml | 2 +- src/bin/pg_basebackup/pg_recvlogical.c | 2 +- src/bin/pg_basebackup/t/030_pg_recvlogical.pl | 46 +++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/doc/src/sgml/ref/pg_recvlogical.sgml b/doc/src/sgml/ref/pg_recvlogical.sgml index 5380d776baf..5f76e424e26 100644 --- a/doc/src/sgml/ref/pg_recvlogical.sgml +++ b/doc/src/sgml/ref/pg_recvlogical.sgml @@ -494,7 +494,7 @@ PostgreSQL documentation pg_recvlogical will preserve group permissions on - the received WAL files if group permissions are enabled on the source + the output files if group permissions are enabled on the source cluster. diff --git a/src/bin/pg_basebackup/pg_recvlogical.c b/src/bin/pg_basebackup/pg_recvlogical.c index be71783b370..2fdf64bcadb 100644 --- a/src/bin/pg_basebackup/pg_recvlogical.c +++ b/src/bin/pg_basebackup/pg_recvlogical.c @@ -342,7 +342,7 @@ StreamLogicalLog(void) outfd = fileno(stdout); else outfd = open(outfile, O_CREAT | O_APPEND | O_WRONLY | PG_BINARY, - S_IRUSR | S_IWUSR); + pg_file_create_mode); if (outfd == -1) { pg_log_error("could not open log file \"%s\": %m", outfile); diff --git a/src/bin/pg_basebackup/t/030_pg_recvlogical.pl b/src/bin/pg_basebackup/t/030_pg_recvlogical.pl index 063ad96b9be..945a242bdad 100644 --- a/src/bin/pg_basebackup/t/030_pg_recvlogical.pl +++ b/src/bin/pg_basebackup/t/030_pg_recvlogical.pl @@ -236,6 +236,52 @@ my $count = (() = $outfiledata =~ /INSERT/g); cmp_ok($count, '==', 2, 'pg_recvlogical has received and written two INSERTs'); +# Check that pg_recvlogical derives output file permissions from the source +# cluster. +SKIP: +{ + skip "unix-style permissions not supported on Windows", 2 + if ($Config{osname} eq 'MSWin32' || $Config{osname} eq 'cygwin'); + + # The cluster was initialized without group access, so pg_recvlogical + # should create the output file as 0600 (-rw-------). + my $mode = sprintf('%04o', (stat($outfile))[2] & 07777); + is($mode, '0600', + 'pg_recvlogical output file has no group permissions (0600)'); + + # Enable group access on the source cluster and its files, then restart + # so pg_recvlogical observes the updated source cluster permissions. + $node->stop; + chmod_recursive($node->data_dir, 0750, 0640); + $node->start; + + $outfile = $node->basedir . '/group_access.out'; + @pg_recvlogical_cmd = ( + 'pg_recvlogical', + '--slot' => 'reconnect_test', + '--dbname' => $node->connstr('postgres'), + '--start', + '--file' => $outfile, + '--fsync-interval' => '1'); + + $recv = IPC::Run::start( + [@pg_recvlogical_cmd], + '>' => \$stdout, + '2>' => \$stderr); + + $node->safe_psql('postgres', 'INSERT INTO test_table VALUES (3)'); + wait_for_file($outfile, qr/INSERT/); + + $recv->signal('TERM'); + $recv->finish(); + + # With group access enabled on the source cluster, pg_recvlogical should + # create the output file as 0640 (-rw-r-----). + $mode = sprintf('%04o', (stat($outfile))[2] & 07777); + is($mode, '0640', + 'pg_recvlogical output file respects group permissions (0640)'); +} + $node->command_ok( [ 'pg_recvlogical', -- 2.53.0