[HACKERS] PATCH: Configurable file mode mask
| От | David Steele |
|---|---|
| Тема | [HACKERS] PATCH: Configurable file mode mask |
| Дата | |
| Msg-id | ad346fe6-b23e-59f1-ecb7-0e08390ad629@pgmasters.net обсуждение исходный текст |
| Ответы |
Re: [HACKERS] PATCH: Configurable file mode mask
Re: [HACKERS] PATCH: Configurable file mode mask Re: [HACKERS] PATCH: Configurable file mode mask |
| Список | pgsql-hackers |
PostgreSQL currently requires the file mode mask (umask) to be 0077. However, this precludes the possibility of a user in the postgres group performing a backup (or whatever). Now that pg_start_backup()/pg_stop_backup() privileges can be delegated to an unprivileged user, it makes sense to also allow a (relatively) unprivileged user to perform the backup at the file system level as well. This patch introduces a new initdb param, -u/-file-mode-mask, and a new GUC, file_mode_mask, to allow the default mode of files and directories in the $PGDATA directory to be modified. This obviously required mode changes in a number of places, so at the same time the BasicOpenFile(), OpenTransientFile(), and PathNameOpenFile() have been split into versions that either use the default permissions or allow custom permissions. In the end there was only one call to the custom permission version (be-fsstubs.c:505) for all three variants. The following three calls (at the least) need to be reviewed: bin/pg_dump/pg_backup_directory.c:194 src/port/mkdtemp.c:190 bin/pg_basebackup.c:599:655:1399 And this call needs serious consideration: bin/pg_rewind/file_ops.c:214 Besides that there should be tests to make sure the masks are working as expected and these could be added to the initdb TAP tests, though no mask tests exist at this time. Making sure all file operations produce the correct modes would need to be placed in a new module, perhaps the new backup tests proposed in [1]. Adam Brightwell developed the patch based on an initial concept by me and Stephen Frost. I added the refactoring in fd.c and some additional documentation. This patch applies cleanly on 016c990 but may fare badly over time due to the number of files modified. -- -David david@pgmasters.net [1] https://www.postgresql.org/message-id/758e3fd1-45b4-5e28-75cd-e9e7f93a4c02@pgmasters.net -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Вложения
В списке pgsql-hackers по дате отправления: