On 3/10/17 8:12 AM, Stephen Frost wrote:
> Peter,
> * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
>> On 2/28/17 20:58, David Steele wrote:
>>> This patch introduces a new initdb param, -u/-file-mode-mask, and a new
>>> GUC, file_mode_mask, to allow the default mode of files and directories
>>> in the $PGDATA directory to be modified.
>> The postmaster.pid file appears not to observe the configured mask.
> Good point, it should.

Leaving the mask on this file as-is was intentional.  At miscinit.c:829:

/* Think not to make the file protection weaker than 0600.  See comments
below. */

At miscinit.c:893:

/* We can treat the EPERM-error case as okay because that error implies
that the existing process has a different userid than we do, which means
it cannot be a competing postmaster.  A postmaster cannot successfully
attach to a data directory owned by a userid other than its own.  (This
is now checked directly in checkDataDir(), but has been true for a long
time because of the restriction that the data directory isn't group- or
world-accessible.)  Also, since we create the lockfiles mode 600, we'd
have failed above if the lockfile belonged to another userid --- which
means that whatever process kill() is reporting about isn't the one that
made the lockfile.  (NOTE: this last consideration is the only one that
keeps us from blowing away a Unix socket file belonging to an instance
of Postgres being run by someone else, at least on machines where /tmp
hasn't got a stickybit.) */

I can't see why this explanation does not continue to hold even if
permissions for other files are changed.  For the use cases I envision,
I don't think being able to read/manipulate postmaster.pid is important,
only to detect that it is present.

>> There ought to be a test, perhaps under src/bin/initdb/, to check for
>> that kind of thing.
> Good idea.

Agreed, will add to next patch.

> >> There is no documentation update for initdb.

The --file-mode-mask option was added to the option list, but you are
probably referring to a paragraph under description.  Will add to the
next patch.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to