Thread: pg_resetxlog as root
We should prevent pg_resetxlog from being run as root: it writes new files to $PGDATA, so running the tool as root will result in those files being owned by root, which makes the data directory unusable. Attached is a trivial patch that makes this change for Unix.

I suppose a similar fix is needed for Win32? If so, pgwin32_is_admin() would be the natural routine to call, but that is currently in src/backend/port -- we would need to move it to src/port, probably. Comments?

-Neil
> -----Original Message-----
> From: pgsql-patches-owner@postgresql.org
> [mailto:pgsql-patches-owner@postgresql.org] On Behalf Of Neil Conway
> Sent: 12 December 2004 22:57
> To: pgsql-patches
> Subject: [PATCHES] pg_resetxlog as root
>
> I suppose a similar fix is needed for Win32? If so,
> pgwin32_is_admin() would be the natural routine to call, but
> that is currently in src/backend/port -- we would need to
> move it to src/port, probably. Comments?

Sounds reasonable to me.

Regards, Dave.
On Sun, 2004-12-12 at 23:59 +0000, Dave Page wrote:
> Sounds reasonable to me.

Attached is a patch that implements this. src/port/backend/win32/security.c is moved to src/port/win32_security.c, and conditionally added to LIBOBJS. Note that I don't have much experience with the build system, and less still with the Win32 port, so please let me know if there's a better way to do this. Also, I don't have a Windows build environment -- could someone verify whether this builds on Win32?

-Neil
> -----Original Message-----
> From: Neil Conway [mailto:neilc@samurai.com]
> Sent: 13 December 2004 03:59
> To: Dave Page
> Cc: pgsql-patches
> Subject: RE: [PATCHES] pg_resetxlog as root
>
> On Sun, 2004-12-12 at 23:59 +0000, Dave Page wrote:
> > Sounds reasonable to me.
>
> Attached is a patch that implements this.
> src/port/backend/win32/security.c is moved to
> src/port/win32_security.c, and conditionally added to
> LIBOBJS. Note that I don't have much experience with the
> build system, and less still with the Win32 port, so please
> let me know if there's a better way to do this. Also, I don't
> have a Windows build environment -- could someone verify
> whether this builds on Win32?

Not quite there I'm afraid. Unfortunately I don't have time right now to look further, but I don't suppose it's a major problem:

make[3]: Entering directory `/cvs/pgsql/src/bin/pg_resetxlog'
msgfmt -o po/cs.mo po/cs.po
msgfmt -o po/de.mo po/de.po
msgfmt -o po/es.mo po/es.po
msgfmt -o po/fr.mo po/fr.po
msgfmt -o po/hu.mo po/hu.po
msgfmt -o po/it.mo po/it.po
msgfmt -o po/nb.mo po/nb.po
msgfmt -o po/pt_BR.mo po/pt_BR.po
msgfmt -o po/ro.mo po/ro.po
msgfmt -o po/ru.mo po/ru.po
msgfmt -o po/sk.mo po/sk.po
msgfmt -o po/sl.mo po/sl.po
msgfmt -o po/sv.mo po/sv.po
msgfmt -o po/tr.mo po/tr.po
msgfmt -o po/zh_CN.mo po/zh_CN.po
msgfmt -o po/zh_TW.mo po/zh_TW.po
make -C ../../../src/port all
make[4]: Entering directory `/cvs/pgsql/src/port'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directory `/cvs/pgsql/src/port'
gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wendif-labels -fno-strict-aliasing -I../../../src/include -I./src/include/port/win32 -DEXEC_BACKEND "-I../../../src/include/port/win32" -DFRONTEND -c -o pg_resetxlog.o pg_resetxlog.c
pg_resetxlog.c: In function `main':
pg_resetxlog.c:190: warning: implicit declaration of function `pgwin32_is_admin'
pg_resetxlog.c: In function `PrintControlValues':
pg_resetxlog.c:468: warning: unsigned int format, different type arg (arg 4)
rm -f pg_crc.c && ln -s ../../../src/backend/utils/hash/pg_crc.c .
gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wendif-labels -fno-strict-aliasing -I../../../src/include -I./src/include/port/win32 -DEXEC_BACKEND "-I../../../src/include/port/win32" -DFRONTEND -c -o pg_crc.o pg_crc.c
sed -e 's;FILEDESC;"pg_resetxlog - reset PostgreSQL WAL log";' -e 's;VFT_APP;VFT_APP;' -e 's;_ICO_;;' ../../../src/port/win32ver.rc > win32ver.rc
windres -i win32ver.rc -o win32ver.o --include-dir=../../../src/include
rm -f win32ver.rc
gcc -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wendif-labels -fno-strict-aliasing pg_resetxlog.o pg_crc.o win32ver.o -L../../../src/port -Wl,--allow-multiple-definition -lpgport -lintl -lssleay32 -leay32 -lz -lwsock32 -lm -lws2_32 -o pg_resetxlog.exe
../../../src/port/libpgport.a(win32_security.o)(.text+0x2cf):win32_security.c: undefined reference to `write_stderr'
../../../src/port/libpgport.a(win32_security.o)(.text+0x2f2):win32_security.c: undefined reference to `write_stderr'
make[3]: *** [pg_resetxlog] Error 1
make[3]: Leaving directory `/cvs/pgsql/src/bin/pg_resetxlog'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/cvs/pgsql/src/bin'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/cvs/pgsql/src'
make: *** [all] Error 2

Regards, Dave.
On Mon, 2004-12-13 at 11:30 +0000, Dave Page wrote:
>
> > -----Original Message-----
> > From: Neil Conway [mailto:neilc@samurai.com]
> > Sent: 13 December 2004 03:59
> > To: Dave Page
> > Cc: pgsql-patches
> > Subject: RE: [PATCHES] pg_resetxlog as root
> >
> > On Sun, 2004-12-12 at 23:59 +0000, Dave Page wrote:
> > > Sounds reasonable to me.
> >
> > Attached is a patch that implements this.
> > src/port/backend/win32/security.c is moved to
> > src/port/win32_security.c, and conditionally added to
> > LIBOBJS. Note that I don't have much experience with the
> > build system, and less still with the Win32 port, so please
> > let me know if there's a better way to do this. Also, I don't
> > have a Windows build environment -- could someone verify
> > whether this builds on Win32?
>
> Not quite there I'm afraid. Unfortunately I don't have time right now to
> look further, but I don't suppose it's a major problem [...]

On closer inspection, there are other places where Win32 could make this check but does not (e.g. pg_ctl, initdb). Therefore I've decided not to fix the Win32 side of things, and just committed the patch as is. IMHO it would be wise for the Win32 folks to fix this, but I'll leave that decision to them (... without a Win32 build environment I'm not really comfortable committing fixes during RC without being able to compile, much less test them).

-Neil
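The Unix-side check discussed in this thread, sketched as an added example; it is not the patch attached to the thread and not PostgreSQL's own code. It goes one step beyond the thread by also refusing a non-root caller that does not own the data directory; the function name, result codes and messages are assumptions made for the example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes and function name are hypothetical, chosen for this example. */
enum guard_result { GUARD_OK, GUARD_IS_ROOT, GUARD_NOT_OWNER, GUARD_NO_DATADIR };

/*
 * Decide whether a process with effective uid `euid` should be allowed to
 * create files in `datadir`. The uid is a parameter so the policy can be
 * exercised without actually being root.
 */
enum guard_result
check_datadir_writer(const char *datadir, uid_t euid)
{
    struct stat st;

    if (euid == 0)
        return GUARD_IS_ROOT;      /* new files would end up owned by root */
    if (stat(datadir, &st) != 0 || !S_ISDIR(st.st_mode))
        return GUARD_NO_DATADIR;   /* missing, unreadable, or not a directory */
    if (st.st_uid != euid)
        return GUARD_NOT_OWNER;    /* generalization: wrong non-root user */
    return GUARD_OK;
}

int
main(int argc, char **argv)
{
    /* Assumption: data directory from argv[1], else the current directory. */
    const char *datadir = argc > 1 ? argv[1] : ".";
    static const char *const why[] = {
        "ok",
        "cannot be run as root",
        "must be run by the user that owns the data directory",
        "data directory is missing or not a directory",
    };
    enum guard_result r = check_datadir_writer(datadir, geteuid());

    if (r != GUARD_OK)
    {
        /* Refuse before creating or modifying any file under datadir. */
        fprintf(stderr, "%s: %s\n", argv[0], why[r]);
        return 1;
    }
    printf("%s: checks passed for %s\n", argv[0], datadir);
    return 0;
}
```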