Re: Unable to connect to PostgreSQL DB as root user when private key is owned by root with permission 640

On 5/26/22 2:16 PM, Tom Lane wrote:
> David Steele <david@pgmasters.net> writes:
>> On 5/24/22 16:05, Tom Lane wrote:
>>> After further poking at this, I see that we also have to drop the check of
>>> file ownership.  That was already dropped once long ago (3405f2b9253), on
>>> the grounds that if the file has suitable permissions but its ownership
>>> isn't what we expect then our read attempt will fail, so we needn't check
>>> ownership explicitly.  While I'd prefer a more explicit error than the
>>> "Permission denied" that you get with this approach, the intent of this
>>> patch was not to create any new failure modes, so I think we're stuck
>>> with that.
> 
>> That makes sense. Seems I should have dug further into why the server
>> does this but the client does not.
> 
> Pushed that.

Excellent. Thank you!

>>> Open questions:
>>> * This puts us back into a situation where the frontend and server tests
>>> are not in sync.  Do we want to relax the server's checks to match this,
>>> or just leave that side as it stands?
> 
>> I'm inclined to leave it as is in the back branches to avoid any other
>> unintended consequences. Perhaps we could make the change for PG15?
> 
> Yeah, I'm unenthused now about touching this in the back branches.
> But do we want to do it in HEAD, or just leave well enough alone?

After thinking on it for a bit I believe we should leave well enough 
alone. This code is rarely touched so I don't think it's a very big deal.

Regards,
-- 
-David
david@pgmasters.net