Radoslaw Stachowiak <radek@alter.pl> writes:
> and one more suggestion, as this feature is a little bit to strong IMHO.
> Common practice for such files (private keys) is to make them owned by
> root user and postgres group with 640 mode.
I don't think that's either common practice or a good idea. For one
thing, it presumes that there *is* a postgres group; which is not a
requirement we ever had before. For another, root can read or write the
file if she chooses regardless of ownership or permissions, so it's not
like doing it that way gains anything.
As a counterexample, on a setup like mine (HP-UX), all normal users are
members of group "users" and so group readability is not much safer than
world readability. If Postgres neglected to complain about mode 640
then there'd be little point in having a file-security check at all, on
this system.
IMHO the existing check is just fine, although the complaint message
could be a lot more specific (it looks to me like three distinctly
different sanity checks are being folded into one error message :-().
regards, tom lane
