Re: pgsql: Prevent running pg_basebackup as root

On Wed, Feb 05, 2020 at 12:22:59PM -0500, Stephen Frost wrote:
> In any case, sorry for not responding on this sooner (was traveling for
> FOSDEM and such), but I'm not really convinced this is something we want
> and it certainly breaks at least somewhat reasonable use-cases when you
> think about using pg_basebackup with -Ft.  In that vein, this change is
> kinda like saying "you can't run pg_dump as root"..

It seems to me that this is entirely different than the case of
pg_dump, as it is possible to restore a dump even as root, something
that cannot happen with physical backups without an extra chmod -R.
You have a point with -Ft as untaring the tarballs from a base backup
taken with pg_basebackup -Ft used by root generates files owned by the
original user.  -Fp enforces the files to be owned by the user taking
the backup, which makes the most sense, so for consistency with the
other tools preventing root to run pg_basebackup makes sense to me
with -Fp.  Any thoughts from others to restrict the tool with -Fp but
not with -Ft?  The argument of consistency mattered for me first for
both formats.
--
Michael