Re: [HACKERS] PATCH: Configurable file mode mask - Mailing list pgsql-hackers

From David Steele
Subject Re: [HACKERS] PATCH: Configurable file mode mask
Date
Msg-id 2db918f7-c4f7-1e4e-15b6-1305971b80bf@pgmasters.net
In response to Re: [HACKERS] PATCH: Configurable file mode mask  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [HACKERS] PATCH: Configurable file mode mask  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: [HACKERS] PATCH: Configurable file mode mask  ("Tsunakawa, Takayuki" <tsunakawa.takay@jp.fujitsu.com>)
List pgsql-hackers
On 3/10/17 8:34 AM, Stephen Frost wrote:
> Greetings,
>
> * Tsunakawa, Takayuki (tsunakawa.takay@jp.fujitsu.com) wrote:
>> From: pgsql-hackers-owner@postgresql.org
>>> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of David Steele
>>> PostgreSQL currently requires the file mode mask (umask) to be 0077.
>>> However, this precludes the possibility of a user in the postgres group
>>> performing a backup (or whatever).  Now that
>>> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
>>> unprivileged user, it makes sense to also allow a (relatively) unprivileged
>>> user to perform the backup at the file system level as well.
>>
>> I'd like to help review this.  First, let me give some questions and comments.

Much appreciated!

>> 3. The default location of the SSL key file is $PGDATA, so the permission of the key file is likely to become 0640.
>> But the current postgres requires it to be 0600.  See src/backend/libpq/be-secure-openssl.c.
>
> Yes, that needs to be addressed.  There was discussion on another thread
> that it would be useful to support the SSL key file having group read
> access, but since this patch is handling the other files it seems like
> it would make sense to do that change here also.

Perhaps, but since these files are not set up by initdb I'm not sure if
we should be handling their permissions.  This seems to be a
distro-specific issue.

It seems to me that it would be best to advise in the docs that these
files should be relocated if they won't be readable by the backup user.
In any event, I'm not convinced that backing up server private keys is a
good idea.

>> 5. I think some explanation about the concept of multiple OS users is necessary, such as here:
>>
>> 16.1. Short Version
>> https://www.postgresql.org/docs/devel/static/install-short.html
>>
>> 18.2. Creating a Database Cluster
>> https://www.postgresql.org/docs/devel/static/creating-cluster.html
>
> I agree that we should update the documentation for this, including those.

We'll add that to the next patch.

Thanks,
--
-David
david@pgmasters.net
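An added check, not part of this thread or of the patch under discussion: a POSIX shell audit of the two properties the exchange turns on, that nothing under the data directory is accessible by "other", and that the server private key stays owner-only (0600) even when the rest of the cluster has been opened to the group (0640/0750) for a backup user. The directory and key paths are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PostgreSQL data directory for
# the permission properties discussed above. Assumes POSIX sh, ls and find.
# Paths passed in are placeholders chosen by the caller.

# Return 0 if "$1" has no group or other permission bits (e.g. 0600/0700).
# Columns 5-10 of `ls -ld` are the rwx triplets for group and other.
owner_only() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Count paths under "$1" with any 'other' bit set. `-perm -NNN` (octal) is
# POSIX and matches when all bits of NNN are set, so test each bit alone.
count_world_accessible() {
    {
        find "$1" -perm -004
        find "$1" -perm -002
        find "$1" -perm -001
    } | sort -u | wc -l | tr -d ' '
}

# audit_pgdata DATADIR KEYFILE
# Prints each finding; returns 0 if clean, 1 if anything needs attention.
# A group-readable cluster (0640 files, 0750 dirs) passes; a world-readable
# file or a key file that is not owner-only fails.
audit_pgdata() {
    dir=$1; key=$2; rc=0
    n=$(count_world_accessible "$dir")
    if [ "$n" -ne 0 ]; then
        echo "$n path(s) under $dir are accessible by 'other'"
        rc=1
    fi
    if [ -e "$key" ] && ! owner_only "$key"; then
        echo "$key is not owner-only (server requires 0600)"
        rc=1
    fi
    return $rc
}
```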

