On Sat, Mar 23, 2019 at 2:23 AM Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote:
> On 2019-03-22 05:00, Michael Paquier wrote: > > On Fri, Mar 22, 2019 at 02:45:24PM +1100, Haribabu Kommi wrote: > >> How about letting the pg_basebackup to decide group permissions of the > >> standby directory irrespective of the primary directory permissions. > >> > >> Default - permissions are same as primary > >> --allow-group-access - standby directory have group access permissions > >> --no-group--access - standby directory doesn't have group permissions > >> > >> The last two options behave irrespective of the primary directory > >> permissions. > > > > Yes, I'd imagine that we would want to be able to define three > > different behaviors, by either having a set of options, or a sinple > > option with a switch, say --group-access: > > - "inherit" causes the permissions to be inherited from the source > > node, and that's the default. > > - "none" enforces the default 0700/0600. > > - "group" enforces group read access. > > Yes, we could use those three behaviors. > Thanks for all your opinions, here I attached an updated patch as discussed. New option -g --group-mode is added to pg_basebackup to specify the group access permissions. inherit - same permissions as source instance (default) none - No group permissions irrespective of source instance group - group permissions irrespective of source instance With the above additional options, the pg_basebackup is able to control the access permissions of the backup files, but when it comes to tar mode all the files are sent from the server and stored as it is in backup, to support tar mode group access mode control, the BASE BACKUP protocol is enhanced with new option GROUP_MODE 'none' or GROUP_MODE 'group' to control the file permissions before they are sent to backup. Sending GROUP_MODE to the server depends on the -g option received to the pg_basebackup utility. comments? Regards, Haribabu Kommi Fujitsu Australia
0001-New-pg_basebackup-g-option-to-control-the-group-acce.patch
Description: Binary data
