>> Hmmm... Can a parameter be passed to COPY giving the file create mode?
> Yes, that was what I was thinking of.
I have committed changes to current CVS that (a) ensure that pg_pwd
is written with mode 600, (b) reduce the permissions of other files
written by backend-side COPY to 644, instead of 666 as they were;
(c) if initdb is pointed at a pre-existing PGDATA directory, it does
chmod go-rwx on the dir to be sure its permissions are not too loose.
(As a free byproduct, this also verifies that the dir is owned by
postgres...)
I am not 100% comfortable with backpatching these changes into REL6_5,
however, since I had to change the way that the CREATE/ALTER USER
commands invoke COPY. So I think I will just leave them in the 7.0
code and not back-patch.
As an immediate fix, I suggest regenerating the RH RPMs so that
/var/lib/pgsql is created with mode 700 not 755.
regards, tom lane
