authorStephen Frost <sfrost@snowman.net>2018-04-07 17:45:39 -0400
committerStephen Frost <sfrost@snowman.net>2018-04-07 17:45:39 -0400
commitc37b3d08ca6873f9d4eaf24c72a90a550970cbb8 (patch)
treea92cd4f79d20c4d002bd1f41af8bfe9507d92636 /src/include/common/file_perm.h
parentda9b580d89903fee871cf54845ffa2b26bda2e11 (diff)
Allow group access on PGDATA
Allow the cluster to be optionally init'd with read access for the group. This means a relatively non-privileged user can perform a backup of the cluster without requiring write privileges, which enhances security. The mode of PGDATA is used to determine whether group permissions are enabled for directory and file creates. This method was chosen as it's simple and works well for the various utilities that write into PGDATA. Changing the mode of PGDATA manually will not automatically change the mode of all the files contained therein. If the user would like to enable group access on an existing cluster then changing the mode of all the existing files will be required. Note that pg_upgrade will automatically change the mode of all migrated files if the new cluster is init'd with the -g option. Tests are included for the backend and all the utilities which operate on the PG data directory to ensure that the correct mode is set based on the data directory permissions. Author: David Steele <david@pgmasters.net> Reviewed-By: Michael Paquier, with discussion amongst many others. Discussion: https://postgr.es/m/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net
Diffstat (limited to 'src/include/common/file_perm.h')
-rw-r--r--src/include/common/file_perm.h24
1 files changed, 22 insertions, 2 deletions
diff --git a/src/include/common/file_perm.h b/src/include/common/file_perm.h
index 37631a7191d..3090f789317 100644
--- a/src/include/common/file_perm.h
+++ b/src/include/common/file_perm.h
@@ -21,14 +21,34 @@
*/
#define PG_MODE_MASK_OWNER (S_IRWXG | S_IRWXO)
+/*
+ * Mode mask for data directory permissions that also allows group read/execute.
+ */
+#define PG_MODE_MASK_GROUP (S_IWGRP | S_IRWXO)
+
/* Default mode for creating directories */
#define PG_DIR_MODE_OWNER S_IRWXU
+/* Mode for creating directories that allows group read/execute */
+#define PG_DIR_MODE_GROUP (S_IRWXU | S_IRGRP | S_IXGRP)
+
/* Default mode for creating files */
#define PG_FILE_MODE_OWNER (S_IRUSR | S_IWUSR)
+/* Mode for creating files that allows group read */
+#define PG_FILE_MODE_GROUP (S_IRUSR | S_IWUSR | S_IRGRP)
+
/* Modes for creating directories and files in the data directory */
-extern int pg_dir_create_mode;
-extern int pg_file_create_mode;
+extern int pg_dir_create_mode;
+extern int pg_file_create_mode;
+
+/* Mode mask to pass to umask() */
+extern int pg_mode_mask;
+
+/* Set permissions and mask based on the provided mode */
+extern void SetDataDirectoryCreatePerm(int dataDirMode);
+
+/* Set permissions and mask based on the mode of the data directory */
+extern bool GetDataDirectoryCreatePerm(const char *dataDir);
#endif /* FILE_PERM_H */
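Review bot: The comment on `GetDataDirectoryCreatePerm()` at the end of the hunk does not say what the `bool` result means, or what state `pg_dir_create_mode`, `pg_file_create_mode` and `pg_mode_mask` are left in when it returns false, which is what a caller needs to know in order to fail closed. The definition is not in this hunk, so presumably false means the data directory could not be examined; if so, the comment could read `/* Set permissions and mask from the mode of dataDir; returns false and leaves the current (owner-only by default) settings untouched if the directory cannot be examined */`, adjusted to what the implementation actually does. The `PG_MODE_MASK_GROUP` comment would also be clearer if it said the value is a umask, so the listed bits are the ones removed, for example `/* umask for group-readable clusters: clears group write and all access for others */`. The `SetDataDirectoryCreatePerm()` comment could likewise state which bits of `dataDirMode` select the group variants, so a caller passing an unexpected mode does not widen access without realising it.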