mirror of
https://github.com/postgres/postgres.git
synced 2025-07-02 09:02:37 +03:00
Allow group access on PGDATA
Allow the cluster to be optionally init'd with read access for the group. This means a relatively non-privileged user can perform a backup of the cluster without requiring write privileges, which enhances security. The mode of PGDATA is used to determine whether group permissions are enabled for directory and file creates. This method was chosen as it's simple and works well for the various utilities that write into PGDATA. Changing the mode of PGDATA manually will not automatically change the mode of all the files contained therein. If the user would like to enable group access on an existing cluster then changing the mode of all the existing files will be required. Note that pg_upgrade will automatically change the mode of all migrated files if the new cluster is init'd with the -g option. Tests are included for the backend and all the utilities which operate on the PG data directory to ensure that the correct mode is set based on the data directory permissions. Author: David Steele <david@pgmasters.net> Reviewed-By: Michael Paquier, with discussion amongst many others. Discussion: https://postgr.es/m/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net
This commit is contained in:
@ -153,6 +153,7 @@ extern PGDLLIMPORT bool IsBinaryUpgrade;
|
||||
extern PGDLLIMPORT bool ExitOnAnyError;
|
||||
|
||||
extern PGDLLIMPORT char *DataDir;
|
||||
extern PGDLLIMPORT int data_directory_mode;
|
||||
|
||||
extern PGDLLIMPORT int NBuffers;
|
||||
extern PGDLLIMPORT int MaxBackends;
|
||||
@ -323,6 +324,7 @@ extern void SetSessionAuthorization(Oid userid, bool is_superuser);
|
||||
extern Oid GetCurrentRoleId(void);
|
||||
extern void SetCurrentRoleId(Oid roleid, bool is_superuser);
|
||||
|
||||
extern void checkDataDir(void);
|
||||
extern void SetDataDir(const char *dir);
|
||||
extern void ChangeToDataDir(void);
|
||||
|
||||
|
Reference in New Issue
Block a user