Discussion: ssl file permission


ssl file permission

From
PG Doc comments form
Date:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/12/libpq-ssl.html
Description:

The instruction to use "chmod og-rwx" could leave the file with read
permission set.  Elsewhere the suggestion is "chmod 600".

Re: ssl file permission

From
Magnus Hagander
Date:


On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org> wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/12/libpq-ssl.html
> Description:
>
> The instruction to use "chmod og-rwx" could leave the file with read
> permission set.  Elsewhere the suggestion is "chmod 600".

Not sure what you mean here -- how could it leave it with read permission set?

(Obviously it could for the owner, but 0600 also includes read permissions for the owner)

That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.

--

Re: ssl file permission

From
Rob Sargent
Date:
Sorry. Execute permission for owner may have been on prior to chmod og-rwx.  I thought that might be a problem and 600 eliminates that.

On Sep 26, 2020, at 9:29 AM, Magnus Hagander <magnus@hagander.net> wrote:

> On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org> wrote:
>> The following documentation comment has been logged on the website:
>>
>> Page: https://www.postgresql.org/docs/12/libpq-ssl.html
>> Description:
>>
>> The instruction to use "chmod og-rwx" could leave the file with read
>> permission set.  Elsewhere the suggestion is "chmod 600".
>
> Not sure what you mean here -- how could it leave it with read permission set?
>
> (Obviously it could for the owner, but 0600 also includes read permissions for the owner)
>
> That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.
>
> --

Re: ssl file permission

From
Tom Lane
Date:
Rob Sargent <robjsargent@gmail.com> writes:
> Sorry. Execute permission for owner may have been on prior to chmod og-rwx .  I thought that might be a problem and
> 600 eliminates that

It seems highly unlikely that openssl would write the file with x
permission turned on.  Even if it did, there's no particular
reason for us to insist on changing it.

>> That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.

There is that.  But I think the "og-rwx" style is more recommendable,
if we're going to try to standardize.

            regards, tom lane
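
The difference between the two commands debated in this thread, as an added example that is not part of any message above: it applies `chmod og-rwx` and `chmod 600` to scratch files with different starting modes and reports the resulting mode. The helper names (`mode_of`, `after_chmod`, `group_other_clear`, `owner_bits`) and the starting modes are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: constructed scratch files only, no real key is touched.

# mode_of FILE: print FILE's permission bits in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# after_chmod START ARG: give a scratch file mode START, run "chmod ARG" on it,
# and print the mode that results.
after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && mode_of "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

# group_other_clear MODE: succeed when MODE grants nothing to group or other,
# which is the property both commands in the thread are meant to guarantee.
group_other_clear() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# owner_bits MODE: print the owner digit (r=4, w=2, x=1) of MODE.
owner_bits() {
    echo $(( (0$1 >> 6) & 7 ))
}

# Compare the symbolic (relative) and octal (absolute) forms side by side.
printf '%-6s %-12s %-10s\n' start 'og-rwx gives' '600 gives'
for start in 755 700 644 640 400; do
    rel=$(after_chmod "$start" og-rwx)
    abs=$(after_chmod "$start" 600)
    printf '%-6s %-12s %-10s\n' "$start" "$rel" "$abs"
done
```

Starting from 755 the symbolic form leaves 700 (owner execute kept) while 600 clears it; starting from 400 the symbolic form leaves 400 while 600 adds owner write. Every result passes `group_other_clear`.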