Обсуждение: ssl file permission
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/12/libpq-ssl.html Description: The instruction to use "chmod og-rwx" could leave the file with read permission set. Elsewhere the suggestion is "chmod 600".
On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org> wrote:
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/12/libpq-ssl.html
Description:
The instruction to use "chmod og-rwx" could leave the file with read
permission set. Elsewhere the suggestion is "chmod 600".
(Obviously it could for the owner, but 0600 also includes read permissions for the owner)
That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.
--
Sorry. Execute permission for owner may have been on prior to chmod og-rwx . I thought that might be a problem and 600 eliminates that
On Sep 26, 2020, at 9:29 AM, Magnus Hagander <magnus@hagander.net> wrote:
On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org> wrote:The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/12/libpq-ssl.html
Description:
The instruction to use "chmod og-rwx" could leave the file with read
permission set. Elsewhere the suggestion is "chmod 600".Not sure what you mean here -- how could it leave it with read permission set?(Obviously it could for the owner, but 0600 also includes read permissions for the owner)That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.--
Rob Sargent <robjsargent@gmail.com> writes: > Sorry. Execute permission for owner may have been on prior to chmod og-rwx . I thought that might be a problem and 600eliminates that It seems highly unlikely that openssl would write the file with x permission turned on. Even if it did, there's no particular reason for us to insist on changing it. >> That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod. There is that. But I think the "og-rwx" style is more recommendable, if we're going to try to standardize. regards, tom lane