Re: [HACKERS] PATCH: Configurable file mode mask
От | Tsunakawa, Takayuki |
---|---|
Тема | Re: [HACKERS] PATCH: Configurable file mode mask |
Дата | |
Msg-id | 0A3221C70F24FB45833433255569204D1F6B061F@G01JPEXMBYT05 обсуждение исходный текст |
Ответ на | [HACKERS] PATCH: Configurable file mode mask (David Steele <david@pgmasters.net>) |
Ответы |
Re: [HACKERS] PATCH: Configurable file mode mask
|
Список | pgsql-hackers |
From: pgsql-hackers-owner@postgresql.org > [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of David Steele > PostgreSQL currently requires the file mode mask (umask) to be 0077. > However, this precludes the possibility of a user in the postgres group > performing a backup (or whatever). Now that > pg_start_backup()/pg_stop_backup() privileges can be delegated to an > unprivileged user, it makes sense to also allow a (relatively) unprivileged > user to perform the backup at the file system level as well. I'd like to help review this. First, let me give some questions and comments. 1.What's the concrete use case of this feature? Do you intend to extend the concept of multiple DBAs to the full range ofadministration of a single database instance, or just multiple OS users for database backup? If you think that multiple OS user support is desirable to reduce the administration burdon on a single person, then isn'tthe automated backup sufficient (such as with cron)? 2.Backup should always be considered with recovery. If you allow another OS user to back up the database, can you allowhim to recover the database as well? For example, assume the PostgreSQL user account (the OS user who does initdb and pg_ctl start/stop) is dba1, and dba2 backsup the database using tar or cpio. When dba2 restores the backup, the owner of the database cluster becomes dba2. If the file permission only allows one userto write the file, then dba1 can't start the instance. 3.The default location of the SSL key file is $PGDATA, so the permission of the key file is likely to become 0640. But thecurrent postgres requires it to be 0600. See src/backend/libpq/be-secure-openssl.c. 4.I've seen a few users to place .pgpass file in $PGDATA and set the environment variable PGPASSFILE to point to it. Theyexpect it to be back up with other database files. So I'm afraid the permission of .pgpass file also becomes 0640 sometime. However, the current code requires it to be 0600. See src/interface/libpq/fe-connect.c. 5.I think some explanation about the concept of multiple OS users is necessary, such as here: 16.1. Short Version https://www.postgresql.org/docs/devel/static/install-short.html 18.2. Creating a Database Cluster https://www.postgresql.org/docs/devel/static/creating-cluster.html [FYI] Oracle instructs the user, during the software installation, to put "umask 022" in ~/.bashrc or so. MySQL's files in the data directory appears to be 0640. Regards Takayuki Tsunakawa
В списке pgsql-hackers по дате отправления: