On 2019-Apr-03, Robert Haas wrote: > I am not sure what solution is best here, but it is hard to imagine > that the status quo is the right thing.
This patch has been dormant for months. There's been at lot of discussion but it doesn't seem conclusive; it doesn't look like we know what we actually want to do. Can I try to restart the discussion and see if we can get to an agreement, so that somebody can implement it? Failing that, it seems this patch would be Returned with Little Useful Feedback. There seem to be multiple fine points here: 1. We want to have initdb and pg_basebackup behave consistently. Maybe if we don't like that changing pg_basebackup would make it behave differently to initdb, then we ought to change both tools' default behavior, and give equivalent new options to both to select the other(s?) behavior(s?). So I talk about "the tool" referring to both initdb and pg_basebackup in the following. 2. Should the case of creating a new dir behave differently from using an existing directory? Probably for simplicity we want both cases to behave the same. I mean that if an existing dir has group privs and we choose that the default behavior is without group privs, then those would get removed unless a cmd line arg is given. Contrariwise if we choose that group perms are to be preserved if they exist, then we should create a new dir with group privs unless an option is given. 3. Sometimes we want to have the tool keep the permissions of an existing directory, but for pg_basebackup the user might sometimes want to preserve the permissions of upstream instead. It seems to me that we could choose the default to be the most secure behavior (which AFAICT is not to have any group perms), and if the user wants to preserve group perms in an existing dir (or give group perms to a directory created by the tool) they can pass a bespoke command line argument. I think ultimately this means that upstream privs would go ignored by pg_basebackup. Maybe we can add another cmdline option to enable preserving such. I hope I didn't completely misunderstand the thread -- always a possibility. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
