Re: pg_basebackup ignores the existing data directory permissions
| От | Magnus Hagander |
|---|---|
| Тема | Re: pg_basebackup ignores the existing data directory permissions |
| Дата | |
| Msg-id | CABUevEx4NyyrihUJs9ega0KFSzy9xUHovgKsJ+gRfasu5hBxtg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pg_basebackup ignores the existing data directory permissions (Michael Paquier <michael@paquier.xyz>) |
| Ответы |
Re: pg_basebackup ignores the existing data directory permissions
|
| Список | pgsql-hackers |
On Thu, Feb 14, 2019 at 9:10 AM Michael Paquier <michael@paquier.xyz> wrote:
On Thu, Feb 14, 2019 at 06:34:07PM +1100, Haribabu Kommi wrote:
> we have an application that is used to create the data directory with
Well, initdb would do that happily, so there is no actual any need to
do that to begin with. Anyway..
> owner access (0700), but with initdb group permissions option, it
> automatically
> converts to (0750) by the initdb. But pg_basebackup doesn't change it when
> it tries to do a backup from a group access server.
So that's basically the opposite of the case I was thinking about,
where you create a path for a base backup with permissions strictly
higher than 700, say 755, and the base backup path does not have
enough restrictions. And in your case the permissions are too
restrictive because of the application creating the folder itself but
they should be relaxed if group access is enabled. Actually, that's
something that we may want to do consistently across all branches. If
an application calls pg_basebackup after creating a path, they most
likely change the permissions anyway to allow the postmaster to
start.
I think it could be argued that neither initdb *or* pg_basebackup should change the permissions on an existing directory, because the admin may have done that intentionally. But when they do create the directory, they should follow the same patterns.
В списке pgsql-hackers по дате отправления: