Re: PATCH: Configurable file mode mask

From: David Steele <david(at)pgmasters(dot)net>
To: Michael Paquier <michael(at)paquier(dot)xyz>, Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PATCH: Configurable file mode mask
Date: 2018-03-27 20:21:09
Message-ID: d18ac852-92d8-532f-66ac-973e6b031d9a@pgmasters.net
Lists: pgsql-hackers

On 3/20/18 11:14 PM, Michael Paquier wrote:
> On Tue, Mar 20, 2018 at 05:44:22PM -0400, Stephen Frost wrote:
>> * David Steele (david(at)pgmasters(dot)net) wrote:
>>> On 3/16/18 11:12 AM, Stephen Frost wrote:
>>> It seems to me that pg_basebackup and pg_receivexlog should have a -g
>>> option to control the mode of the files that they write to disk (not
>>> including the modes stored in the tar files).
>>>
>>> Or perhaps we should just update the perms in the tar files for now and
>>> leave the rest alone.
>>
>> Having options to pg_basebackup to control what's done makes sense to
>> me- but whatever those options do, I'd expect them to apply equally to
>> the tar files and to the files extracted with plain mode. Having those
>> be different really strikes me as very odd.
>
> Agreed for the consistency part, permissions should be applied
> consistently for the folder and the tar format.
>
> Having the option for pg_receivewal definitely makes sense to me, as it
> is the one in charge of opening and writing the WAL segments. For
> pg_basebackup, let's not forget that there is one tar file for each
> tablespace, and that each file is received separately using a COPY
> stream. There is some logic already which parses the tar header part of
> an individual file in order to look for recovery.conf (see
> ReceiveTarFile() in pg_basebackup.c). It would be possible to enforce
> grouping permissions when receiving each file, and this would be rather
> low-cost in performance I think. Honestly, my vote would go for having
> the permissions set correctly by the source server as this brings
> consistency to the whole experience without complicating the interface
> of pg_basebackup, and this also makes the footprint of this patch on
> pg_basebackup way lighter.

These updates address Michael's latest review and implement group access
for pg_basebackup, pg_receivewal, and pg_recvlogical. A new internal
GUC, data_directory_group_access, allows remote processes to determine
the correct mode using the existing SHOW protocol command.

I have dropped patch 01, which added the pg_resetwal tests. The tests
Peter added recently are sufficient for this patch so I'll pursue adding
the other tests separately to avoid noise on this thread.

Thanks,
--
-David
david(at)pgmasters(dot)net

Attachment Content-Type Size
group-access-v12-01-file-perm.patch text/plain 38.8 KB
group-access-v12-02-group.patch text/plain 40.5 KB
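
The mode choice a receiving tool would make from that SHOW result, as an added example that is not part of the message above or of the attached patches. It assumes the setting reads back as on or off and that the modes are 0700/0600 (owner only) and 0750/0640 (group read), none of which the page states; all function and type names are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper type; the mode values are assumptions, not taken from the patch. */
typedef struct { mode_t dir_mode, file_mode, mask; } perm_set;
static const perm_set OWNER_ONLY = {0700, 0600, 0077};
static const perm_set GROUP_READ = {0750, 0640, 0027};

/*
 * Map the text returned by "SHOW data_directory_group_access" (assumed "on"/"off")
 * to modes. NULL (query failed, e.g. the server lacks the setting) or unexpected
 * text fails closed to owner-only. Returns 0 if recognised, -1 if the fallback was used.
 */
int perms_from_show(const char *value, perm_set *out)
{
    if (value != NULL && strcmp(value, "on") == 0) { *out = GROUP_READ; return 0; }
    *out = OWNER_ONLY;
    return (value != NULL && strcmp(value, "off") == 0) ? 0 : -1;
}

/*
 * Create path as a receiving tool would (mask applied, file mode requested) and
 * read back the permission bits that landed on disk; -1 on error. File is removed.
 */
int created_file_mode(const char *path, const perm_set *p)
{
    struct stat st;
    mode_t old = umask(p->mask);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, p->file_mode);
    int result = -1;

    umask(old);                       /* restore the caller's mask right away */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0) result = (int) (st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

/* Convenience wrapper: the mode a new file gets for a given SHOW result. */
int file_mode_for(const char *value, const char *path)
{
    perm_set p;
    perms_from_show(value, &p);
    return created_file_mode(path, &p);
}

int main(void) { return file_mode_for("on", "group_access_demo.tmp") == 0640 ? 0 : 1; }
```

Anything other than a recognised "on" leaves group and other with no access, so a client talking to a server without the setting behaves as before.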
