Hi, On 2020-02-07 11:08:48 -0500, Chapman Flack wrote: > Just saw this in a PG 11.6 cluster starting a recovery: > > 2020-02-07 10:45:40 EST FATAL: 42501: could not open file > "backup_label": Permission denied > 2020-02-07 10:45:40 EST LOCATION: fsync_fname_ext, fd.c:3531
Well, we generally assume that files in the data directory are writable, with a very few exceptions. And we do need to be able rename backup_label to backup_label.old. Which strictly speaking doesn't require write permissions on the file - but I assume that's what triggers the issue here. There's IIRC platforms that don't like fsyncing files with a O_RDONLY fd, so if we want to rename safely (which entails fsyncing beforehand), we don't have much choice. > I had assumed the label file would be treated as readonly > during recovery. It is IIRC documented that it does get renamed... > If the file needs to have 0600 permissions, should there be > a note in the nonexclusive-mode backup docs to say so? I'm not convinced that that's useful. The default is that everything needs to be writable by postgres. The exceptions should be noted if anything, not the default. Greetings, Andres Freund
