What do people think of pg_upgrade setting its umask to 0077 so the log and SQL files are only readable by the postgres user?

-rwx------ 1 postgres postgres   41 Mar  9 09:59 delete_old_cluster.sh*
-rw------- 1 postgres postgres 6411 Mar  8 21:56 pg_upgrade_dump_all.sql
-rw------- 1 postgres postgres 5651 Mar  8 21:56 pg_upgrade_dump_db.sql
-rw------- 1 postgres postgres  738 Mar  8 21:56 pg_upgrade_dump_globals.sql
-rw------- 1 postgres postgres 1669 Mar  8 21:56 pg_upgrade_internal.log
-rw------- 1 postgres postgres 1667 Mar  8 21:56 pg_upgrade_restore.log
-rw------- 1 postgres postgres 1397 Mar  8 21:56 pg_upgrade_server.log
-rw------- 1 postgres postgres  385 Mar  8 21:56 pg_upgrade_utility.log

The umask would also affect files it copies like clog and the data files, but those already have only postgres permissions.

The downside is that users running pg_upgrade with 'su' or 'RUNAS' would need to use those to inspect the log files for errors.

FYI, delete_old_cluster.sh probably has to be run as root, but root seems able to run an executable that it doesn't own.

I am thinking it isn't worth the complexity of using umask and restricting those files, but wanted opinions.

--
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
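
An added illustration (not part of the message above and not pg_upgrade's code) of what the proposed umask 0077 does at file-creation time, including the case where a log file left by an earlier run already exists and keeps its old mode. The /tmp directory, the file names and the requested modes 0666/0777 are assumptions made for the demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* open(O_CREAT) `name` in `dir` asking for mode `req`; return the resulting permission bits, or -1 */
static int mode_after_create(const char *dir, const char *name, mode_t req)
{
    char path[512];
    struct stat st;
    int fd;
    snprintf(path, sizeof(path), "%s/%s", dir, name);
    fd = open(path, O_WRONLY | O_CREAT, req);
    if (fd < 0) return -1;
    close(fd);
    return stat(path, &st) == 0 ? (int) (st.st_mode & 0777) : -1;
}

/* Fills out[0..3] with the observed modes; returns 0 on success. Names are constructed for the demo. */
int umask_demo(int out[4])
{
    const char *names[] = {"old_run.log", "new_run.log", "delete_old_cluster.sh"};
    char dir[64], path[512];
    mode_t saved;
    int i;
    snprintf(dir, sizeof(dir), "/tmp/umask_demo_%ld", (long) getpid());
    if (mkdir(dir, 0700) != 0) return -1;   /* fails on an existing path: nothing pre-planted is reused */
    saved = umask(022);                     /* a typical default umask */
    out[0] = mode_after_create(dir, names[0], 0666);  /* 0644: group and other can read */
    umask(077);                             /* the setting proposed in the message */
    out[1] = mode_after_create(dir, names[1], 0666);  /* 0600 */
    out[2] = mode_after_create(dir, names[2], 0777);  /* 0700, like the script in the listing */
    out[3] = mode_after_create(dir, names[0], 0666);  /* already exists: mode is not tightened */
    umask(saved);
    for (i = 0; i < 3; i++) {
        snprintf(path, sizeof(path), "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return 0;
}

int main(void)
{
    int m[4];
    if (umask_demo(m) != 0) return 1;
    printf("%04o %04o %04o %04o\n", (unsigned) m[0], (unsigned) m[1], (unsigned) m[2], (unsigned) m[3]);
    return 0;
}
```

Because the umask only masks the mode requested when a file is created, output files that survive from a previous run need an explicit chmod() or fchmod() to end up owner-only.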