Re: [HACKERS] PATCH: Configurable file mode mask - Mailing list pgsql-hackers

From Robert Haas
Subject Re: [HACKERS] PATCH: Configurable file mode mask
Date
Msg-id CA+TgmoYQwO-C_gctLTyN3rvFZQuht3J0H3Biry1Mez1yLsqFLQ@mail.gmail.com
Whole thread Raw
In response to Re: [HACKERS] PATCH: Configurable file mode mask  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [HACKERS] PATCH: Configurable file mode mask
List pgsql-hackers
On Mon, Mar 6, 2017 at 7:38 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
>> On 1 March 2017 at 01:58, David Steele <david@pgmasters.net> wrote:
>>> PostgreSQL currently requires the file mode mask (umask) to be 0077.
>>> However, this precludes the possibility of a user in the postgres group
>>> performing a backup (or whatever).  Now that
>>> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
>>> unprivileged user, it makes sense to also allow a (relatively)
>>> unprivileged user to perform the backup at the file system level as well.
>
>> +1
>
> I'd ask what is the point, considering that we don't view "cp -a" as a
> supported backup technique in the first place.

/me is confused.

Surely the idea is that you'd like an unprivileged database user to
run pg_start_backup(), an operating system user that can read but not
write the database files to copy them, and then the unprivileged to
then run pg_stop_backup().  I have no opinion on the patch, but I
support the goal.  As I said on the surprisingly-controversial thread
about ripping out hard-coded superuser checks, reducing the level of
privilege which someone must have in order to perform a necessary
operation leads to better security.  An exclusive backup taken via the
filesystem (probably not via cp, but say via tar or cpio) inevitably
requires the backup user to be able to read the entire cluster
directory, but it doesn't inherently require the backup user to be
able to write the cluster directory.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



pgsql-hackers by date:

Previous
From: Dilip Kumar
Date:
Subject: Re: [HACKERS] Proposal : Parallel Merge Join
Next
From: Robert Haas
Date:
Subject: Re: [HACKERS] Parallel Index Scans