On Sun, Jan 17, 2016 at 01:49:19PM -0500, Stephen Frost wrote: > * Bruce Momjian (br...@momjian.us) wrote: > > > pgbackrest: > > > > > > To run pgbackrest as a non-superuser and not the 'postgres' system > > > user, grant the pg_backup role to the backrest user and ensure the > > > backrest system user has read access to the database files (eg: by > > > having the system user be a member of the 'postgres' group): > > ------ > > > > Just to clarify, the 'postgres' OS user group cannot read the data > > directory, e.g. > > > > drwx------ 19 postgres staff 4096 Jan 17 12:19 data/ > > ^^^group > > > > I assume we don't want to change that. > > This is going to be distribution dependent, unfortunately. On > Debian-based distributions, the group is 'postgres' and it'd be > perfectly reasonable to allow that group to read the data directory.
Well, while the group name would be OS-dependent, the lack of any group permisions in not OS-dependent and is forced by initdb: umask(S_IRWXG | S_IRWXO); create_data_directory(); > I don't recall offhand if that means we'd have to make changes to allow > that, but, for my 2c, I don't see why we wouldn't allow it to be an > option. OK, that would be an initdb change then. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Roman grave inscription + -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers