On Fri, Mar 22, 2019 at 11:42 AM Michael Paquier <mich...@paquier.xyz> wrote:
> On Thu, Mar 21, 2019 at 02:56:24PM -0400, Robert Haas wrote: > > On Tue, Mar 19, 2019 at 2:29 AM Michael Paquier <mich...@paquier.xyz> > wrote: > >> Hm. We have been assuming that the contents of a base backup inherit > >> the permission of the source when using pg_basebackup because this > >> allows users to keep a nodes in a consistent state without deciding > >> which option to use. Do you mean that you would like to enforce the > >> permissions of only the root directory if it exists? Or the root > >> directory with all its contents? The former may be fine. The latter > >> is definitely not. > > > > Why not? > > Because we have released v11 so as we respect the permissions set on > the source instead from which the backup is taken for all the folder's > content. If we begin to enforce it we may break some cases. If a new > option is introduced, it seems to me that the default should remain > what has been released with v11, but that it is additionally possible > to enforce group permissions or non-group permissions at will on the > backup taken for all the contents in the data folder, including the > root folder, created manually or not before running the pg_basebackup > command. > How about letting the pg_basebackup to decide group permissions of the standby directory irrespective of the primary directory permissions. Default - permissions are same as primary --allow-group-access - standby directory have group access permissions --no-group--access - standby directory doesn't have group permissions The last two options behave irrespective of the primary directory permissions. opinions? Regards, Haribabu Kommi Fujitsu Australia
