On Thu, Mar 21, 2019 at 02:56:24PM -0400, Robert Haas wrote:
> On Tue, Mar 19, 2019 at 2:29 AM Michael Paquier <michael@paquier.xyz> wrote:
>> Hm. We have been assuming that the contents of a base backup inherit
>> the permission of the source when using pg_basebackup because this
>> allows users to keep a nodes in a consistent state without deciding
>> which option to use. Do you mean that you would like to enforce the
>> permissions of only the root directory if it exists? Or the root
>> directory with all its contents? The former may be fine. The latter
>> is definitely not.
>
> Why not?
Because we have released v11 so as we respect the permissions set on
the source instead from which the backup is taken for all the folder's
content. If we begin to enforce it we may break some cases. If a new
option is introduced, it seems to me that the default should remain
what has been released with v11, but that it is additionally possible
to enforce group permissions or non-group permissions at will on the
backup taken for all the contents in the data folder, including the
root folder, created manually or not before running the pg_basebackup
command.
How about letting the pg_basebackup to decide group permissions of the
standby directory irrespective of the primary directory permissions.
Default - permissions are same as primary
--allow-group-access - standby directory have group access permissions
--no-group--access - standby directory doesn't have group permissions
The last two options behave irrespective of the primary directory permissions.
opinions?
Regards,
Haribabu Kommi
Fujitsu Australia