Re: [HACKERS] PATCH: Configurable file mode mask
| От | Stephen Frost |
|---|---|
| Тема | Re: [HACKERS] PATCH: Configurable file mode mask |
| Дата | |
| Msg-id | 20170306135242.GK9812@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: [HACKERS] PATCH: Configurable file mode mask (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Tom, * Tom Lane (tgl@sss.pgh.pa.us) wrote: > Simon Riggs <simon@2ndquadrant.com> writes: > > On 1 March 2017 at 01:58, David Steele <david@pgmasters.net> wrote: > >> PostgreSQL currently requires the file mode mask (umask) to be 0077. > >> However, this precludes the possibility of a user in the postgres group > >> performing a backup (or whatever). Now that > >> pg_start_backup()/pg_stop_backup() privileges can be delegated to an > >> unprivileged user, it makes sense to also allow a (relatively) > >> unprivileged user to perform the backup at the file system level as well. > > > +1 > > I'd ask what is the point, considering that we don't view "cp -a" as a > supported backup technique in the first place. The point is to allow backups to be performed as a user who only has read-only access to the files and is a non-superuser in the database. With the changes to allow GRANT'ing of the pg_start/stop_backup and related functions and these changes to allow the files to be group readable, that will be possible using a tool such as pgbackrest, not just with a "cp -a". Thanks! Stephen
В списке pgsql-hackers по дате отправления: