Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> This is probably overly restrictive; in fact, I would argue that there
>> should be no such check at all. We do not do runtime checks for
>> permissions on any other files, and some of them are far more sensitive
>> than postgresql.conf (password files for example). Peter, what is the
>> rationale for having this check?
> Security on a module basis perhaps (a.k.a. paranoia)? I could agree on
> moving that check to $PGDATA but I feel it needs to be there.
Seems to me it makes more sense to check $PGDATA, not one individual
file within the directory. Ultimately we depend on $PGDATA to have
the right permissions.
We've since seen a second gripe from a user who was confused by this
check, so at the very least, the error message needs to be made more
clear. (The second guy evidently thought that the code wanted him
to relax the permissions on postgresql.conf, not tighten them.)
regards, tom lane
