Thread: Permissions on postgresql.conf, psql and patroni
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main). Today I noticed that I couldn't invoke psql as an unprivileged user anymore: % psql Error: Invalid data directory for cluster 11 main Further investigation showed that the read permissions on /etc/.../postgresql.conf were revoked at the time of the upgrade. Either by a post-install script or maybe by patroni itself, when it started up again. This leads me to two questions: 1) Is there a reason to restrict read access to postgresql.conf to the user postgres? AFAIK this file doesn't normally contain sensitive data (unlike pg_hba.conf and pg_ident.conf which are restricted by default). 2) Why does psql need to read postgresql.conf, and more specifically, why does it care about the location of the data directory? It shouldn't access files directly, just talk to the server via the socket. hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | hjp@hjp.at | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Attachment
Peter J. Holzer wrote: > 2) Why does psql need to read postgresql.conf, and more specifically, > why does it care about the location of the data directory? It > shouldn't access files directly, just talk to the server via the > socket. It's not psql itself, it's pg_wrapper. $ ls -l /usr/bin/psql lrwxrwxrwx 1 root root 37 Aug 8 12:48 /usr/bin/psql -> ../share/postgresql-common/pg_wrapper See http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html Best regards, -- Daniel Vérité PostgreSQL-powered mailer: http://www.manitou-mail.org Twitter: @DanielVerite
"Peter J. Holzer" <hjp-pgsql@hjp.at> writes: > Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from > http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main). > Today I noticed that I couldn't invoke psql as an unprivileged user > anymore: > % psql > Error: Invalid data directory for cluster 11 main FYI, there's no such error string in the core Postgres sources. I imagine that it's coming from some wrapper script. > 1) Is there a reason to restrict read access to postgresql.conf to the > user postgres? Probably not, though it only matters if you keep that outside the data directory. > 2) Why does psql need to read postgresql.conf, and more specifically, > why does it care about the location of the data directory? psql itself won't/doesn't. I suspect you're dealing with a wrapper that is trying to figure out which version of psql to invoke. regards, tom lane
On 2019-09-09 13:29:38 +0200, Daniel Verite wrote: > Peter J. Holzer wrote: > > 2) Why does psql need to read postgresql.conf, and more specifically, > > why does it care about the location of the data directory? It > > shouldn't access files directly, just talk to the server via the > > socket. > > It's not psql itself, it's pg_wrapper. > > $ ls -l /usr/bin/psql > lrwxrwxrwx 1 root root 37 Aug 8 12:48 /usr/bin/psql -> > ../share/postgresql-common/pg_wrapper > > See http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html Ah, thanks. On 2019-09-09 10:03:57 -0400, Tom Lane wrote: > "Peter J. Holzer" <hjp-pgsql@hjp.at> writes: > > Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from > > http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main). > > Today I noticed that I couldn't invoke psql as an unprivileged user > > anymore: > > % psql > > Error: Invalid data directory for cluster 11 main > > FYI, there's no such error string in the core Postgres sources. > I imagine that it's coming from some wrapper script. Yep. Daniel shoved me into the right direction. The message is from PgCommon.pm, used by pg_wrapper. It's a good thing both packages are maintained by the same team. Saves the discussion who's going to fix it :-). hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | hjp@hjp.at | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Attachment
On 2019-09-09 19:15:19 +0200, Peter J. Holzer wrote: > On 2019-09-09 10:03:57 -0400, Tom Lane wrote: > > "Peter J. Holzer" <hjp-pgsql@hjp.at> writes: > > > Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 > > > from http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main). > > > Today I noticed that I couldn't invoke psql as an unprivileged user > > > anymore: > > > % psql > > > Error: Invalid data directory for cluster 11 main > > > > FYI, there's no such error string in the core Postgres sources. > > I imagine that it's coming from some wrapper script. > > Yep. Daniel shoved me into the right direction. The message is from > PgCommon.pm, used by pg_wrapper. > > It's a good thing both packages are maintained by the same team. Saves > the discussion who's going to fix it :-). Since this issue is specific to the debian/ubuntu packages, I've opened a ticket in redmine: https://redmine.postgresql.org/issues/4717 (as suggested in the wiki). hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | hjp@hjp.at | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>