Re: pg_upgrade and umask - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: pg_upgrade and umask
Date
Msg-id 20120312235031.GD10441@momjian.us
Whole thread Raw
In response to Re: pg_upgrade and umask  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On Fri, Mar 09, 2012 at 11:33:36AM -0500, Bruce Momjian wrote:
> On Fri, Mar 09, 2012 at 10:41:53AM -0500, Tom Lane wrote:
> > Bruce Momjian <bruce@momjian.us> writes:
> > > The problem is that these files are being created often by shell
> > > redirects, e.g. pg_dump -f out 2> log_file.  There is no clean way to
> > > control the file creation permissions in this case --- only umask gives
> > > us a process-level setting.   Actually, one crafty idea would be to do
> > > the umask only when I exec something, and when I create the initial
> > > files with the new banner you suggested.  Let me look into that.
> > 
> > You could create empty log files with the desired permissions, and then
> > do the execs with >>log_file, and thereby not have to globally change
> > umask.
> 
> Yes, that is what I have done, with the attached patch.  I basically
> wrapped the fopen call with umask calls, and have the system() call
> wrapped too.  That takes care of all the files pg_upgrade creates.
> 
> > > Frankly, the permissions are already being modified by the default
> > > umask, e.g. 0022.  Do we want a zero umask?
> > 
> > I'm not so worried about default umask; nobody's complained yet about
> > wrong permissions on pg_upgrade output files.  But umask 077 would be
> > likely to do things like get rid of group access to postgresql.conf,
> > which some people intentionally set.
> 
> Yes, that was my conclusion too, but I wanted to ask.  FYI, this doesn't
> affect the install itself, just what pg_upgrade changes, and it doesn't
> touch postgresql.conf, but, as you, I am worried there might be
> long-term problems with an aggressive umask that covered the entire
> executable.

I ended up creating fopen_priv to centralize the umask calls to a single
function, and added an is_priv boolean to exec_prog for the same purpose.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + It's impossible for everything to be true. +


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: pg_upgrade --logfile option documentation
Next
From: Bruce Momjian
Date:
Subject: Re: xlog location arithmetic