Re: backup manifests

Greetings,

* Andres Freund (andres@anarazel.de) wrote:
> On 2020-03-27 15:20:27 -0400, Robert Haas wrote:
> > On Fri, Mar 27, 2020 at 2:29 AM Andres Freund <andres@anarazel.de> wrote:
> > > Hm. Should this warn if the directory's permissions are set too openly
> > > (world writable?)?
> >
> > I don't think so, but it's pretty clear that different people have
> > different ideas about what the scope of this tool ought to be, even in
> > this first version.
>
> Yea. I don't have a strong opinion on this specific issue. I was mostly
> wondering because I've repeatedly seen people restore backups with world
> readable properties, and with that it's obviously possible for somebody
> else to change the contents after the checksum was computed.

For my 2c, at least, I don't think we need to check the directory
permissions, but I wouldn't object to including a warning if they're set
such that PG won't start.  I suppose +0 for "warn if they are such that
PG won't start".

Thanks,

Stephen