Thread: Suppress checking of chmod 700 on data-dir?

 Hi postgresql-listmembers,
for a backup-scenario I need to have access to the pgdata-directory as a
different shell-user, but postgresqul refuses to start if chmod is not
700 on the directory.

Is there a way to prevent postgres to check the data-dirs chmod 700 on
startup (and while running) ?

Thanks for your short replies. I could not figure it out in the
documentation.

Regards Johannes
postgresql 8.2.4 on ubuntu dapper
(if this question came 100times, I apologize for being unable to find it)

On fim, 2007-06-07 at 10:38 +0200, Johannes Konert wrote:
>  Hi postgresql-listmembers,
> for a backup-scenario I need to have access to the pgdata-directory as a
> different shell-user, but postgresqul refuses to start if chmod is not
> 700 on the directory.
>
> Is there a way to prevent postgres to check the data-dirs chmod 700 on
> startup (and while running) ?

use sudo in your backup scenario, or run you backup as postgres

gnari

> use sudo in your backup scenario, or run you backup as postgres
>
Thanks for your quick reply.
Unfortunaltelly runing backup via sudo is not an option due to sercurity
issues and using postgres-user is not feasable because other data as
well is backuped where postgres-user should not have access to.
So your answer means that there is definitelly NO way to circumwent the
chmod 700 thing? Its hard to believe that. Each and evera thing is
configurable in postgres, but I cannot disable or relax
directory-permissions checking?   Even not with a compile-option or
something  like that?

Anyway thanks for your help. I'll keep searching for a solution.
Regards Johannes

Ragnar wrote:
>> are you planning a filesystem-level backup?
>>
>> are you aware that you cannot just backup the postgres data directories
>> fro under a running server, and expect the
>> backup to be usable?
>>
>> gnari
>>
As war as I understood the docu of psql 8.2.4
(http://www.postgresql.org/docs/8.2/interactive/continuous-archiving.html
section 23.3.2) you can copy the files while postgres is running
(respecting pg_start_backup and pg_stop_backup)
But that is not my point. The question is where I can change the
enforced chmod 700 postgresql always wants me to set.
Regards Johannes :)

On Thu, 2007-06-07 at 12:57 +0200, Johannes Konert wrote:
> > use sudo in your backup scenario, or run you backup as postgres
> >
> Thanks for your quick reply.
> Unfortunaltelly runing backup via sudo is not an option due to sercurity
> issues and using postgres-user is not feasable because other data as
> well is backuped where postgres-user should not have access to.

You could run the backup as postgres and pipe the output to another
program owned by the other user and with suid set in its permissions.
The suid means that the receiving program would have access where you
don't want postgres to go.

--
Oliver Elphick                                          olly@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
                 ========================================
   Do you want to know God?   http://www.lfix.co.uk/knowing_god.html

Johannes Konert wrote:
> Ragnar wrote:
>>> are you planning a filesystem-level backup?
> As war as I understood the docu of psql 8.2.4
> (http://www.postgresql.org/docs/8.2/interactive/continuous-archiving.html
> section 23.3.2) you can copy the files while postgres is running
> (respecting pg_start_backup and pg_stop_backup)
> But that is not my point. The question is where I can change the
> enforced chmod 700 postgresql always wants me to set.

You can't.

You can however change the postgresql.conf to put look for files
somewhere besides $PGDATA and thus you would be able to back them up.

Anything else in there you should be grabbing via pg_dump anyway.

Joshua D. Drake


> Regards Johannes :)
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
>               http://archives.postgresql.org/
>


--

       === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive  PostgreSQL solutions since 1997
              http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

Joshua D. Drake wrote:
> Johannes Konert wrote:
>> But that is not my point. The question is where I can change the
>> enforced chmod 700 postgresql always wants me to set.
> You can't.
>
> You can however change the postgresql.conf to put look for files
> somewhere besides $PGDATA and thus you would be able to back them up.
With postgresql.conf I can change the path to the data-dir, but
postgresql checks the chmod 700 on that directory either. So only the
logfiles can be written and accessed somewhere else. The data itself is
still only accessible by the postgres-user.
> Anything else in there you should be grabbing via pg_dump anyway.
So you suggest not to backup the filesystem-files, but to do a dump
instead? Does this work together with PITR as described in 23.3.
(http://www.postgresql.org/docs/8.2/interactive/continuous-archiving.html#BACKUP-BASE-BACKUP).
I want to make a full backup every night of a heavy DB while it is
running. Combined with short-term-WAL-archiving. Getting the WAL-files
is easy by using the config-parameter archive_command, but to copy and
backup the "base backup" once a day is impossible if I cannot access the
data-files.
Will the described backup&restore work as well with a dump + WAL-files?
Then I could forget about copying the file-system-files....

On Mon, 2007-06-11 at 09:03 +0200, Johannes Konert wrote:
> Joshua D. Drake wrote:

> > Anything else in there you should be grabbing via pg_dump anyway.

> So you suggest not to backup the filesystem-files, but to do a dump
> instead? Does this work together with PITR as described in 23.3.
> (http://www.postgresql.org/docs/8.2/interactive/continuous-archiving.html#BACKUP-BASE-BACKUP).
> I want to make a full backup every night of a heavy DB while it is
> running. Combined with short-term-WAL-archiving. Getting the WAL-files
> is easy by using the config-parameter archive_command, but to copy and
> backup the "base backup" once a day is impossible if I cannot access the
> data-files.
> Will the described backup&restore work as well with a dump + WAL-files?
> Then I could forget about copying the file-system-files....

No, it won't, so I'm not sure what Josh means.

--
  Simon Riggs
  EnterpriseDB   http://www.enterprisedb.com

Oliver Elphick wrote:
> You could run the backup as postgres and pipe the output to another
> program owned by the other user and with suid set in its permissions.
> The suid means that the receiving program would have access where you
> don't want postgres to go.
Thanks Oliver,
that was a good hint. Suids are not working on bash-scripts, but with a
restricted entry in /etc/sudoers now the backup-user can execute a
copy-and-access-script to get the files from within PGDATA-dir.
Regards Johannes

At 2:05a -0400 on 12 Jun 2007, Johannes Konert wrote:
> that was a good hint. Suids are not working on bash-scripts, but with a
> restricted entry in /etc/sudoers now the backup-user can execute a
> copy-and-access-script to get the files from within PGDATA-dir.

If you're curious as to /why/ setuids don't work on scripts, this FAQ
may be of interest:

http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html

Kevin