Re: backup manifests

From Andres Freund
Subject Re: backup manifests
Msg-id 20200327215603.2u67mu4okek2uqvh@alap3.anarazel.de
In reply to Re: backup manifests  (Stephen Frost <sfrost@snowman.net>)
Responses Re: backup manifests  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Hi,

On 2020-03-27 17:44:07 -0400, Stephen Frost wrote:
> * Andres Freund (andres@anarazel.de) wrote:
> > On 2020-03-27 15:20:27 -0400, Robert Haas wrote:
> > > On Fri, Mar 27, 2020 at 2:29 AM Andres Freund <andres@anarazel.de> wrote:
> > > > Hm. Should this warn if the directory's permissions are set too openly
> > > > (world writable?)?
> > > 
> > > I don't think so, but it's pretty clear that different people have
> > > different ideas about what the scope of this tool ought to be, even in
> > > this first version.
> > 
> > Yea. I don't have a strong opinion on this specific issue. I was mostly
> > wondering because I've repeatedly seen people restore backups with world
> > readable properties, and with that it's obviously possible for somebody
> > else to change the contents after the checksum was computed.
> 
> For my 2c, at least, I don't think we need to check the directory
> permissions, but I wouldn't object to including a warning if they're set
> such that PG won't start.  I suppose +0 for "warn if they are such that
> PG won't start".

I was thinking of that check not being just at the top-level, but in
subdirectories too. It's easy to screw up the top and subdirectory
permissions in different ways, e.g. when manually creating the database
dir and then restoring a data directory directly into that.  IIRC
postmaster doesn't check that at start.


Greetings,

Andres Freund
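
The check discussed in this message, applied to subdirectories and files as well as the top level, as an added example that is not part of the original message or of the PostgreSQL tree. It assumes PostgreSQL 11 or later (data directory mode 0700 or 0750); `audit_tree` and the mask constants are hypothetical names.

```python
import os
import stat
import sys

# Assumption: PostgreSQL 11 or later, whose start-up check accepts a data
# directory of 0700 or 0750 and rejects group-write or any "other" bits.
DIR_OK = 0o750
FILE_OK = 0o640


def audit_tree(root):
    """Return (relative_path, octal_mode, problem) for each too-open entry."""
    findings = []

    def check(path, rel):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # e.g. pg_tblspc links: audit the target tree separately
        mode = stat.S_IMODE(st.st_mode)
        allowed = DIR_OK if stat.S_ISDIR(st.st_mode) else FILE_OK
        extra = mode & 0o077 & ~allowed  # group/other bits beyond the norm
        if not extra:
            return
        problems = []
        if extra & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("writable by group/other, contents can change "
                            "after the checksum was computed")
        else:
            problems.append("group/other access wider than expected")
        if rel == ".":
            problems.append("server will refuse to start")
        findings.append((rel, oct(mode), "; ".join(problems)))

    check(root, ".")
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in dirnames + sorted(filenames):
            full = os.path.join(dirpath, name)
            check(full, os.path.relpath(full, root))
    return findings


if __name__ == "__main__":
    # Usage: python audit.py /path/to/restored/datadir
    for rel, mode, problem in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode:>7}  {rel}: {problem}")
```

Symbolic links are skipped rather than followed, so tablespace targets have to be audited as separate trees.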


