On 4/6/18 6:04 PM, David Steele wrote:
> On 4/6/18 3:02 PM, Stephen Frost wrote:
>>
>> - Further discussion in the commit messages
>
> Agreed, these need some more work. I'm happy to do that but I'll need a
> bit more time. Have a look at the new patches and I'll work on some
> better messages.
I'm sure you'll want to reword some things, but I think these commit
messages capture the essential changes for each patch.
01: Refactor file permissions in backend/frontend
Consolidate directory and file create permissions by adding a new module
(common/file_perm.c) that contains variables (pg_file_create_mode,
pg_dir_create_mode) and constants to initialize them (0600 for files and
0700 for directories).
Convert mkdir() calls in the backend to MakePGDirectory() if the
original call used default permissions (always the case for regular PG
directories).
Add tests to make sure permissions in PGDATA are set correctly by the
front-end tools.
Author: David Steele <david@pgmasters.net>
Reviewed-By: Michael Paquier, with discussion amongst many others.
Discussion:
https://postgr.es/m/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net
02: Allow group access on PGDATA
Allow the cluster to be optionally init'd with read access for the
group. This means a relatively non-privileged user can perform a backup
of the cluster without requiring write privileges, which enhances security.
The mode of PGDATA is used to determine whether group permissions are
enabled for directory and file creates. This method was chosen because
there are a number of front-end utilities that write into PGDATA but not
all of them read pg_control and none of them load GUCS.
Changing the mode of PGDATA manually will not automatically change the
mode of all the files contained therein. If the user would like to
enable group access on an existing cluster then changing the mode of the
existing files will be required. Note that pg_upgrade will
automatically change the mode of all migrated files if the new cluster
is init'd with the -g option.
Tests are included for the backend and all front-end utilities to ensure
that the correct mode is set based on the PGDATA permissions.
Author: David Steele <david@pgmasters.net>
Reviewed-By: Michael Paquier, with discussion amongst many others.
Discussion:
https://postgr.es/m/https://www.postgresql.org/message-id/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net
Thanks!
--
-David
david@pgmasters.net