Re: PATCH: Configurable file mode mask

From: David Steele <david(at)pgmasters(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: Configurable file mode mask
Date: 2018-04-06 22:34:39
Message-ID: cd6ee169-8349-1613-8633-2bb0997be4ad@pgmasters.net
Lists: pgsql-hackers

On 4/6/18 6:04 PM, David Steele wrote:
> On 4/6/18 3:02 PM, Stephen Frost wrote:
>>
>> - Further discussion in the commit messages
>
> Agreed, these need some more work.  I'm happy to do that but I'll need a
> bit more time.  Have a look at the new patches and I'll work on some
> better messages.

I'm sure you'll want to reword some things, but I think these commit
messages capture the essential changes for each patch.

01: Refactor file permissions in backend/frontend

Consolidate directory and file create permissions by adding a new module
(common/file_perm.c) that contains variables (pg_file_create_mode,
pg_dir_create_mode) and constants to initialize them (0600 for files and
0700 for directories).

Convert mkdir() calls in the backend to MakePGDirectory() if the
original call used default permissions (always the case for regular PG
directories).

Add tests to make sure permissions in PGDATA are set correctly by the
front-end tools.

Author: David Steele <david(at)pgmasters(dot)net>
Reviewed-By: Michael Paquier, with discussion amongst many others.
Discussion:
https://postgr.es/m/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net

02: Allow group access on PGDATA

Allow the cluster to be optionally init'd with read access for the
group. This means a relatively non-privileged user can perform a backup
of the cluster without requiring write privileges, which enhances security.

The mode of PGDATA is used to determine whether group permissions are
enabled for directory and file creates. This method was chosen because
there are a number of front-end utilities that write into PGDATA but not
all of them read pg_control and none of them load GUCs.

Changing the mode of PGDATA manually will not automatically change the
mode of all the files contained therein. If the user would like to
enable group access on an existing cluster then changing the mode of the
existing files will be required. Note that pg_upgrade will
automatically change the mode of all migrated files if the new cluster
is init'd with the -g option.

Tests are included for the backend and all front-end utilities to ensure
that the correct mode is set based on the PGDATA permissions.

Author: David Steele <david(at)pgmasters(dot)net>
Reviewed-By: Michael Paquier, with discussion amongst many others.
Discussion:
https://postgr.es/m/https://www.postgresql.org/message-id/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net

Thanks!
--
-David
david(at)pgmasters(dot)net
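As an added illustration of the mode-derived policy the second commit message describes (example code written for this page, not PostgreSQL's own file_perm.c), the block below derives the expected file and directory create modes from the mode of PGDATA itself and then audits the top level of a data directory for entries that grant more than that policy allows. The constant names and `audit_pgdata` are this example's own, and the group-access modes 0640/0750 are an assumption; the message above only states 0600/0700 and "read access for the group".

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Constructed constants for the two layouts the message describes; the names
 * are this example's own, and the group modes (0640/0750) are an assumption. */
#define MODE_OWNER_FILE 0600
#define MODE_OWNER_DIR  0700
#define MODE_GROUP_FILE 0640
#define MODE_GROUP_DIR  0750
#define MODE_MASK       (S_IRWXU | S_IRWXG | S_IRWXO)

/* Derive create modes from PGDATA's own mode: 0700 means owner-only, 0750 means
 * group access was enabled at init. Any other mode is refused, not guessed. */
int derive_create_modes(mode_t pgdata_mode, mode_t *file_mode, mode_t *dir_mode)
{
    switch (pgdata_mode & MODE_MASK) {
    case MODE_OWNER_DIR: *file_mode = MODE_OWNER_FILE; *dir_mode = MODE_OWNER_DIR; return 0;
    case MODE_GROUP_DIR: *file_mode = MODE_GROUP_FILE; *dir_mode = MODE_GROUP_DIR; return 0;
    default:             return -1;
    }
}

/* Count top-level entries of PGDATA that grant more than the policy derived from
 * PGDATA's own mode allows; -1 if it is unreadable or matches neither layout. */
int audit_pgdata(const char *path)
{
    struct stat st; struct dirent *ent; DIR *dir;
    mode_t fmode, dmode, want; char child[4096]; int violations = 0;
    if (stat(path, &st) != 0 || derive_create_modes(st.st_mode, &fmode, &dmode) != 0 ||
        (dir = opendir(path)) == NULL)
        return -1;
    while ((ent = readdir(dir)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        snprintf(child, sizeof child, "%s/%s", path, ent->d_name);
        if (stat(child, &st) != 0)
            continue;                       /* vanished or unreadable: skip it */
        want = S_ISDIR(st.st_mode) ? dmode : fmode;
        if ((st.st_mode & MODE_MASK & ~want) != 0) {   /* any bit beyond policy */
            printf("%s: mode %04o exceeds %04o\n", child, st.st_mode & MODE_MASK, want);
            violations++;
        }
    }
    closedir(dir);
    return violations;
}
```

Because the policy is read from the directory mode at run time, the same audit reports a 0750 subdirectory as a violation under an owner-only cluster and accepts it once PGDATA itself is 0750, which is the behaviour the message describes for front-end tools that never read pg_control.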
