From 7bae0ad9fcb76b28410571dc71edfdc3175c4a02 Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Sat, 1 Feb 2020 18:30:25 +0900
Subject: [PATCH] Prevent running pg_basebackup as root

Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use
--version and --help, but cannot execute the actual operation to avoid
the creation of files with permissions incompatible with the
postmaster.

This is a behavior change, so no back-patching is done.

Author: Ian Barwick
Discussion: https://postgr.es/m/CABvVfJVqOdD2neLkYdygdOHvbWz_5K_iWiqY+psMfA=FeAa3qQ@mail.gmail.com
---
 src/bin/pg_basebackup/pg_basebackup.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/bin/pg_basebackup/pg_basebackup.c b/src/bin/pg_basebackup/pg_basebackup.c
index 238b671f7ae..556a0af9160 100644
--- a/src/bin/pg_basebackup/pg_basebackup.c
+++ b/src/bin/pg_basebackup/pg_basebackup.c
@@ -2077,6 +2077,22 @@ main(int argc, char **argv)
 		}
 	}
 
+	/*
+	 * Don't allow pg_basebackup to be run as root, to avoid creating files in
+	 * the data directory with ownership rights incompatible with the
+	 * postmaster.
+	 */
+#ifndef WIN32
+	if (geteuid() == 0)			/* 0 is root's uid */
+	{
+		pg_log_error("cannot be run as root");
+		fprintf(stderr,
+				_("Please log in (using, e.g., \"su\") as the (unprivileged) user that will\n"
+				  "own the server process.\n"));
+		exit(1);
+	}
+#endif
+
 	atexit(cleanup_directories_atexit);
 
 	while ((c = getopt_long(argc, argv, "CD:F:r:RS:T:X:l:nNzZ:d:c:h:p:U:s:wWkvP",
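Review bot: The geteuid() guard runs before the main getopt_long loop below it, so it rejects every root invocation regardless of output mode, including ones that write no files to a data directory (e.g. a tar-format backup streamed to stdout, if that path is used), while the header comment only justifies the refusal by file ownership; if the unconditional refusal is deliberate for consistency with initdb and pg_ctl, say so in the comment, e.g. `* This mirrors initdb/pg_ctl and applies to all output formats.`. The `#ifndef WIN32` silently compiles the check out, so the restriction is platform-dependent; a short comment such as `/* no root concept on Windows */` would make that visible to the next reader. Placing the check ahead of `atexit(cleanup_directories_atexit)` is correct, since nothing has been created when exit(1) fires. The diffstat lists only pg_basebackup.c, so the new restriction appears to be undocumented in the user-facing reference page. main() begins and ends outside this hunk.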