On Fri, Mar 29, 2019 at 6:05 AM Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > On 2019-03-26 03:26, Michael Paquier wrote: > > Do we really want to extend the replication protocol to control that? > > Perhaps we are losing sight of the original problem, which is that if > you create the target directory with the wrong permissions then ... it > has the wrong permissions. And you are free to change the permissions > at any time. Many of the proposed solutions sound excessively > complicated relative to that.
I don't think I agree with that characterization of the problem. I mean, what do you mean by "wrong"? Perhaps you created the directory with the "right" permissions, i.e. those you actually wanted, and then pg_basebackup rather rudely insisted on ignoring them when it decided how to set the permissions for the files inside that directory. On the other hand, perhaps you wished to abdicate responsibility for security decisions to whatever rule pg_basebackup uses, and it rather rudely didn't bother to enforce that decision on the top level directory, forcing you to think about a question you had decided to ignore. I am not sure what solution is best here, but it is hard to imagine that the status quo is the right thing. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
