Обсуждение: [BUGS] BUG #14586: Permissions of recovery.conf are different in plain andtar-format
[BUGS] BUG #14586: Permissions of recovery.conf are different in plain andtar-format
От
markus@braeunig.biz
Дата:
The following bug has been logged on the website: Bug reference: 14586 Logged by: Markus Bräunig Email address: markus@braeunig.biz PostgreSQL version: 9.6.2 Operating system: CentOS Linux release 7.3.1611 Description: The option "--write-recovery-conf" of pg_basebackup creates a valid recovery.conf but misses to apply secure file permissions when the default format (plain) is used. If you tar the result (-F t), the recovery.conf inside the base.tar has the permissions 0600. In plain format the umask of the actual user is applied and the permissions are e.g. 0644. Because plain passwords are possible in this file, I would suggest to unify this behavior and change the permissions to 0600 in both cases. Regards Markus -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
Re: [BUGS] BUG #14586: Permissions of recovery.conf are different inplain and tar-format
От
Michael Paquier
Дата:
On Fri, Mar 10, 2017 at 5:00 PM, <markus@braeunig.biz> wrote: > The option "--write-recovery-conf" of pg_basebackup creates a valid > recovery.conf but misses to apply secure file permissions when the default > format (plain) is used. > > If you tar the result (-F t), the recovery.conf inside the base.tar has the > permissions 0600. > In plain format the umask of the actual user is applied and the permissions > are e.g. 0644. > > Because plain passwords are possible in this file, I would suggest to unify > this behavior and change the permissions to 0600 in both cases. It does not matter much. Backup folder created by pg_basebackup has 0700 as umask. -- Michael -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
Re: [BUGS] BUG #14586: Permissions of recovery.conf are different inplain and tar-format
От
Markus Bräunig
Дата:
I just tried it and pg_basebackup doesn't create a folder by itself or changes the umask (RH 7.3).
Beside this I think it would be better not to just trust the permissions of the datadir above (Defense in depth).
Von: Michael Paquier <michael.paquier@gmail.com>
Gesendet: Montag, 13. März 2017 07:51
An: Markus Bräunig
Cc: PostgreSQL mailing lists
Betreff: Re: [BUGS] BUG #14586: Permissions of recovery.conf are different in plain and tar-format
Gesendet: Montag, 13. März 2017 07:51
An: Markus Bräunig
Cc: PostgreSQL mailing lists
Betreff: Re: [BUGS] BUG #14586: Permissions of recovery.conf are different in plain and tar-format
On Fri, Mar 10, 2017 at 5:00 PM, <markus@braeunig.biz> wrote:
> The option "--write-recovery-conf" of pg_basebackup creates a valid
> recovery.conf but misses to apply secure file permissions when the default
> format (plain) is used.
>
> If you tar the result (-F t), the recovery.conf inside the base.tar has the
> permissions 0600.
> In plain format the umask of the actual user is applied and the permissions
> are e.g. 0644.
>
> Because plain passwords are possible in this file, I would suggest to unify
> this behavior and change the permissions to 0600 in both cases.
It does not matter much. Backup folder created by pg_basebackup has
0700 as umask.
--
Michael
> The option "--write-recovery-conf" of pg_basebackup creates a valid
> recovery.conf but misses to apply secure file permissions when the default
> format (plain) is used.
>
> If you tar the result (-F t), the recovery.conf inside the base.tar has the
> permissions 0600.
> In plain format the umask of the actual user is applied and the permissions
> are e.g. 0644.
>
> Because plain passwords are possible in this file, I would suggest to unify
> this behavior and change the permissions to 0600 in both cases.
It does not matter much. Backup folder created by pg_basebackup has
0700 as umask.
--
Michael