On Thu, Feb 14, 2019 at 06:34:07PM +1100, Haribabu Kommi wrote:
> we have an application that is used to create the data directory with

Well, initdb would do that happily, so there is no actual any need to
do that to begin with.  Anyway..

> owner access (0700), but with initdb group permissions option, it
> automatically
> converts to (0750) by the initdb. But pg_basebackup doesn't change it when
> it tries to do a backup from a group access server.

So that's basically the opposite of the case I was thinking about,
where you create a path for a base backup with permissions strictly
higher than 700, say 755, and the base backup path does not have
enough restrictions.  And in your case the permissions are too
restrictive because of the application creating the folder itself but
they should be relaxed if group access is enabled.  Actually, that's
something that we may want to do consistently across all branches.  If
an application calls pg_basebackup after creating a path, they most
likely change the permissions anyway to allow the postmaster to
start.
--
Michael

Attachment: signature.asc
Description: PGP signature

Reply via email to