On 6/3/16 4:13 PM, Robert Haas wrote:
> On Fri, Jun 3, 2016 at 2:12 PM, Andres Freund <andres@anarazel.de> wrote:
>> On 2016-06-03 14:00:00 -0400, Robert Haas wrote:
>>> On Fri, May 27, 2016 at 8:44 PM, Andres Freund <andres@anarazel.de> wrote:
>>>> I'm not convinced of that. Hiding unexpected issues for longer, just to
>>>> continue kind-of-operating, can make the impact of problems a lot worse,
>>>> and it makes it very hard to actually learn about the issues.
>>>
>>> So if we made this a WARNING rather than an ERROR, it wouldn't hiding
>>> the issue, but it would be less likely to break things that worked
>>> before. No?
>>
>> Except that we're then accepting the (proven!) potential for data
>> loss. We're talking about a single report of an restore_command setting
>> odd permissions. Which can easily be fixed.
>
> Well, I think that having restore_command start failing after a minor
> release update can cause data loss, too. Or even an outage.
I'm mostly with Andres on this but you do make a good point, Robert.
Andres, what if on EPERM you set write privs on the file and retry?
Maybe only back patch that change and for 9.6 expect restore_command
scripts to set sane permissions.
--
-David
david@pgmasters.net