Hi,

On 2020-03-27 17:44:07 -0400, Stephen Frost wrote:
> * Andres Freund (and...@anarazel.de) wrote:
> > On 2020-03-27 15:20:27 -0400, Robert Haas wrote:
> > > On Fri, Mar 27, 2020 at 2:29 AM Andres Freund <and...@anarazel.de> wrote:
> > > > Hm. Should this warn if the directory's permissions are set too openly
> > > > (world writable?)?
> > >
> > > I don't think so, but it's pretty clear that different people have
> > > different ideas about what the scope of this tool ought to be, even in
> > > this first version.
> >
> > Yea. I don't have a strong opinion on this specific issue. I was mostly
> > wondering because I've repeatedly seen people restore backups with world
> > readable properties, and with that it's obviously possible for somebody
> > else to change the contents after the checksum was computed.
>
> For my 2c, at least, I don't think we need to check the directory
> permissions, but I wouldn't object to including a warning if they're set
> such that PG won't start. I suppose +0 for "warn if they are such that
> PG won't start".
I was thinking of that check not being just at the top-level, but in
subdirectories too. It's easy to screw up the top and subdirectory
permissions in different ways, e.g. when manually creating the database
dir and then restoring a data directory directly into that. IIRC
postmaster doesn't check that at start.

Greetings,

Andres Freund
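The subdirectory check described above, as an added example that is not code from this thread or from PostgreSQL: it walks the whole data directory, not just the top level, and flags every directory whose mode has bits beyond 0750 (owner rwx plus group r-x), which is the widest mode postmaster accepts for the top-level directory. The sample tree it builds is constructed, with a group-writable subdirectory and a world-writable pg_wal as the two mistakes to catch.

```python
import os
import stat
import tempfile

# Widest permission set PostgreSQL accepts on the data directory itself:
# owner rwx plus group r-x (0750). Group write or any "other" bit is wider.
ALLOWED_MODE = stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP  # 0o750


def too_open(mode: int, allowed: int = ALLOWED_MODE) -> bool:
    """True if the permission bits contain anything outside the allowed mask."""
    return (stat.S_IMODE(mode) & ~allowed) != 0


def find_open_dirs(root: str, allowed: int = ALLOWED_MODE) -> list:
    """Walk root (top level and every subdirectory) and return a sorted list of
    (relative path, mode) for each directory wider than the allowed mask.
    os.walk does not follow symlinked directories, so tablespace links are
    reported by their link entry only, not descended into."""
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        if too_open(st.st_mode, allowed):
            rel = os.path.relpath(dirpath, root)
            findings.append((rel, stat.S_IMODE(st.st_mode)))
    return sorted(findings)


def build_demo_tree() -> str:
    """Constructed sample: a fake data directory whose top level is correct
    (0700) but which has one mistake in a subdirectory and one in pg_wal."""
    root = tempfile.mkdtemp(prefix="pgdata_demo_")
    os.chmod(root, 0o700)
    layout = [
        ("base", 0o700),
        ("base/1", 0o770),   # group-writable: another group member can alter it
        ("pg_wal", 0o777),   # world-writable: anyone can alter it after checksumming
        ("global", 0o750),   # group r-x only: still acceptable
    ]
    for rel, mode in layout:
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # chmod after mkdir so the umask cannot interfere
    return root


if __name__ == "__main__":
    for rel, mode in find_open_dirs(build_demo_tree()):
        print(f"WARNING: {rel} has mode {mode:04o}, wider than {ALLOWED_MODE:04o}")
```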