Re: [HACKERS] PATCH: Configurable file mode mask - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: [HACKERS] PATCH: Configurable file mode mask
Date
Msg-id 20170306135242.GK9812@tamriel.snowman.net
Whole thread Raw
In response to Re: [HACKERS] PATCH: Configurable file mode mask  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
> > On 1 March 2017 at 01:58, David Steele <david@pgmasters.net> wrote:
> >> PostgreSQL currently requires the file mode mask (umask) to be 0077.
> >> However, this precludes the possibility of a user in the postgres group
> >> performing a backup (or whatever).  Now that
> >> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
> >> unprivileged user, it makes sense to also allow a (relatively)
> >> unprivileged user to perform the backup at the file system level as well.
>
> > +1
>
> I'd ask what is the point, considering that we don't view "cp -a" as a
> supported backup technique in the first place.

The point is to allow backups to be performed as a user who only has
read-only access to the files and is a non-superuser in the database.
With the changes to allow GRANT'ing of the pg_start/stop_backup and
related functions and these changes to allow the files to be group
readable, that will be possible using a tool such as pgbackrest, not
just with a "cp -a".

Thanks!

Stephen

pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: [HACKERS] PATCH: Configurable file mode mask
Next
From: Thomas Munro
Date:
Subject: Re: [HACKERS] WIP: [[Parallel] Shared] Hash