On 3/10/17 8:34 AM, Stephen Frost wrote:
> Greetings,
> * Tsunakawa, Takayuki (tsunakawa.ta...@jp.fujitsu.com) wrote:
>> From: pgsql-hackers-ow...@postgresql.org
>>> [mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of David Steele
>>> PostgreSQL currently requires the file mode mask (umask) to be 0077.
>>> However, this precludes the possibility of a user in the postgres group
>>> performing a backup (or whatever).  Now that
>>> pg_start_backup()/pg_stop_backup() privileges can be delegated to an
>>> unprivileged user, it makes sense to also allow a (relatively) unprivileged
>>> user to perform the backup at the file system level as well.
>> I'd like to help review this.  First, let me give some questions and 
>> comments.

Much appreciated!

>> 3. The default location of the SSL key file is $PGDATA, so the permission of 
>> the key file is likely to become 0640.  But the current postgres requires it 
>> to be 0600.  See src/backend/libpq/be-secure-openssl.c.
> Yes, that needs to be addressed.  There was discussion on another thread
> that it would be useful to support the SSL key file having group read
> access, but since this patch is handling the other files it seems like
> it would make sense to do that change here also.

Perhaps, but since these files are not set up by initdb I'm not sure if
we should be handling their permissions.  This seems to be a
distro-specific issue.

It seems to me that it would be best to advise in the docs that these
files should be relocated if they won't be readable by the backup user.
In any event, I'm not convinced that backing up server private keys is a
good idea.

>> 5. I think some explanation about the concept of multiple OS users is 
>> necessary, such as here:
>> 16.1. Short Version
>> https://www.postgresql.org/docs/devel/static/install-short.html
>> 18.2. Creating a Database Cluster
>> https://www.postgresql.org/docs/devel/static/creating-cluster.html
> I agree that we should update the documentation for this, including those.

We'll add that to the next patch.
