Bug#1062204: Newly-created clusters have restrictive postgresql.conf permissions

Wed, 31 Jan 2024 09:33:18 -0800 

Package: patroni
Version: 3.2.2-1
When Patroni creates a new PostgreSQL cluster, the postgresql.conf file in /etc/patroni/<version>/<cluster> ends up without world read permission. This means that tools that use pg_wrapper (such as /usr/bin/psql) can't find the cluster's port number and don't work by default. 

I think this problem was introduced by this upstream commit:

https://github.com/zalando/patroni/commit/01d07f86cd525c0f324074ee026faf6d7f179839


But I'm not sure if it's an upstream bug, or a latent flaw in the Debian 
packaging.



To reproduce:

On a fresh Debian system, install patroni, postgresql, and etcd-server.

Configure /etc/patroni/dcs.yml as shown below.

# systemctl stop postgresql@16-main
# pg_dropcluster 16 main
# pg_createconfig_patroni 16 test
# systemctl start patroni@16-test
# pg_isready
/var/run/postgresql/:5432 - accepting connections
# adduser user
(press Return lots)
# su - user
$ pg_isready
Error: Invalid data directory for cluster 16 test


If I change the permissions on /etc/postgresql/16/test/postgresql.conf 
from 600 to 644 then pg_isready works as the unprivileged user.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/1 CPU thread; PREEMPT)

Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages patroni depends on:
ii  python3                3.11.6-1
ii  python3-cdiff          1.0-1.1
ii  python3-click          8.1.6-1
ii  python3-dateutil       2.8.2-3
ii  python3-etcd           0.4.5-4
ii  python3-pkg-resources  68.1.2-2
ii  python3-prettytable    3.6.0-1
ii  python3-psutil         5.9.8-1
ii  python3-psycopg2       2.9.9-1+b1
ii  python3-urllib3        1.26.18-2
ii  python3-yaml           6.0.1-2

Versions of packages patroni recommends:
ii  iproute2  6.7.0-2

Versions of packages patroni suggests:
ii  etcd-server  3.4.23-4+b8
pn  haproxy      <none>
pn  patroni-doc  <none>
ii  postgresql   16+256
pn  vip-manager  <none>

-- Configuration Files:
/etc/patroni/dcs.yml changed:
etcd3:
  host: 127.0.0.1:2379


-- no debconf information























					Reply via email to