pg_upgrade and umask - Mailing list pgsql-hackers

From Bruce Momjian
Subject pg_upgrade and umask
Date
Msg-id 20120309151010.GA5630@momjian.us
Responses Re: pg_upgrade and umask  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: pg_upgrade and umask  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
What do people think of pg_upgrade setting its umask to 0077 so the log
and SQL files are only readable by the postgres user?
 -rwx------ 1 postgres postgres   41 Mar  9 09:59 delete_old_cluster.sh*
 -rw------- 1 postgres postgres 6411 Mar  8 21:56 pg_upgrade_dump_all.sql
 -rw------- 1 postgres postgres 5651 Mar  8 21:56 pg_upgrade_dump_db.sql
 -rw------- 1 postgres postgres  738 Mar  8 21:56 pg_upgrade_dump_globals.sql
 -rw------- 1 postgres postgres 1669 Mar  8 21:56 pg_upgrade_internal.log
 -rw------- 1 postgres postgres 1667 Mar  8 21:56 pg_upgrade_restore.log
 -rw------- 1 postgres postgres 1397 Mar  8 21:56 pg_upgrade_server.log
 -rw------- 1 postgres postgres  385 Mar  8 21:56 pg_upgrade_utility.log

The umask would also affect files it copies like clog and the data
files, but those already have only postgres permissions.

The downside is that users running pg_upgrade with 'su' or 'RUNAS' would
need to use those to inspect the log files for errors.

FYI, delete_old_cluster.sh probably has to be run as root, but root
seems able to run an executable that it doesn't own.

I am thinking it isn't worth the complexity of using umask and
restricting those files, but wanted opinions.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +
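
The effect of the umask proposed in the message above, as an added example that is not part of the original message and is not pg_upgrade code. The helper name mode_after_create and the requested modes 0666 (log/SQL files) and 0777 (shell script) are assumptions made for illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700		/* for mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Create "name" inside a fresh temporary directory while "mask" is the
 * process umask, requesting mode "requested".  Returns the permission bits
 * the file actually received, or (mode_t) -1 on error.  Hypothetical helper.
 */
static mode_t
mode_after_create(mode_t mask, const char *name, mode_t requested)
{
	char		dir[] = "/tmp/umask_demo_XXXXXX";
	char		path[128];
	struct stat st;
	mode_t		old, result = (mode_t) -1;
	int			fd;

	if (mkdtemp(dir) == NULL)
		return result;
	snprintf(path, sizeof(path), "%s/%s", dir, name);
	old = umask(mask);			/* process-wide: affects every later create */
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
	umask(old);					/* restore the caller's umask */
	if (fd >= 0) {
		if (fstat(fd, &st) == 0)
			result = st.st_mode & 0777;
		close(fd);
		unlink(path);
	}
	rmdir(dir);
	return result;
}

int
main(void)
{
	printf("log,    umask 0022: %04o\n", (unsigned) mode_after_create(0022, "pg_upgrade_server.log", 0666));
	printf("log,    umask 0077: %04o\n", (unsigned) mode_after_create(0077, "pg_upgrade_server.log", 0666));
	printf("script, umask 0022: %04o\n", (unsigned) mode_after_create(0022, "delete_old_cluster.sh", 0777));
	printf("script, umask 0077: %04o\n", (unsigned) mode_after_create(0077, "delete_old_cluster.sh", 0777));
	return 0;
}
```

With umask 0077 the results match the -rw------- and -rwx------ modes in the listing; with a typical 0022 the same files would be group- and world-readable.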

