Re: pgsql: Prevent running pg_basebackup as root
From | Stephen Frost |
---|---|
Subject | Re: pgsql: Prevent running pg_basebackup as root |
Date | |
Msg-id | 20200205172259.GW3195@tamriel.snowman.net |
In response to | pgsql: Prevent running pg_basebackup as root (Michael Paquier <michael@paquier.xyz>) |
Responses | Re: pgsql: Prevent running pg_basebackup as root |
List | pgsql-committers |

Greetings,

* Michael Paquier (michael@paquier.xyz) wrote:
> Prevent running pg_basebackup as root
>
> Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use
> --version and --help, but cannot execute the actual operation to avoid
> the creation of files with permissions incompatible with the
> postmaster.
>
> This is a behavior change, so not back-patching is done.

While it's maybe not ideal, surely there isn't an actual issue if pg_basebackup is run as root with -Ft, is there..?

There's possibly something to be said about the fact that we hard-code the username/groupname in the tar file too (interestingly, we actually do pass through the uid/gid..) - perhaps we should actually be passing the username/groupname through, but if we did do something like that then having pg_basebackup running as root would be necessary if we want to preserve the file ownership.

In any case, sorry for not responding on this sooner (was traveling for FOSDEM and such), but I'm not really convinced this is something we want and it certainly breaks at least somewhat reasonable use-cases when you think about using pg_basebackup with -Ft.

In that vein, this change is kinda like saying "you can't run pg_dump as root"..

Thanks,

Stephen
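
Added example, not part of the original message or of PostgreSQL's code: a tar header records both numeric uid/gid and symbolic uname/gname for each member, so a tar-format backup can be audited for the ownership it would restore before anyone extracts it as root. The archive contents, the uid 26 and the account name `postgres` are constructed sample values, and the function names are hypothetical.

```python
import io
import tarfile

# Constructed expectation for the service account; not taken from pg_basebackup output.
EXPECTED_UID, EXPECTED_UNAME = 26, "postgres"

def build_sample_tar(entries):
    """Build an in-memory ustar archive from (name, uid, gid, uname, gname, data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, uid, gid, uname, gname, data in entries:
            info = tarfile.TarInfo(name)
            info.uid, info.gid = uid, gid          # numeric owner fields
            info.uname, info.gname = uname, gname  # symbolic owner fields
            info.mode = 0o600
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def ownership_report(tar_bytes):
    """Read headers only (nothing is extracted) and list each member's owner fields."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        return [{"name": m.name, "uid": m.uid, "gid": m.gid,
                 "uname": m.uname, "gname": m.gname, "mode": oct(m.mode)}
                for m in tf.getmembers()]

def mismatches(report, uid=EXPECTED_UID, uname=EXPECTED_UNAME):
    """Members whose numeric or symbolic owner differs from the expected account."""
    return [r["name"] for r in report if r["uid"] != uid or r["uname"] != uname]

# Constructed sample: one consistent member, one with a foreign name,
# one with a foreign numeric id.
SAMPLE = build_sample_tar([
    ("PG_VERSION", 26, 26, "postgres", "postgres", b"12\n"),
    ("postgresql.conf", 26, 26, "root", "root", b"# constructed\n"),
    ("backup_label", 0, 0, "postgres", "postgres", b"constructed\n"),
])

if __name__ == "__main__":
    report = ownership_report(SAMPLE)
    for row in report:
        print(row)
    print("owner mismatches:", mismatches(report))
```

Which of the two owner fields wins on extraction as root depends on the extracting tool; GNU tar uses the names unless `--numeric-owner` is given.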