NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit7d7435c

committed

Make current_logfiles use permissions assigned to files in data directory

Since its introduction in19dc233, current_logfiles has been assignedthe same permissions as a log file, which can be enforced withlog_file_mode. This setup can lead to incompatibility problems withgroup access permissions as current_logfiles is not located in the logdirectory, but at the root of the data folder. Hence, if grouppermissions are used but log_file_mode is more restrictive, a backupwith a user in the group having read access could fail even if the logdirectory is located outside of the data folder.Per discussion with the folks mentioned below, we have concluded thatcurrent_logfiles should not be treated as a log file as it only storesmetadata related to log files, and that it should use the samepermissions as all other files in the data directory. This solution hasthe merit to be simple and fixes all the interaction problems betweengroup access and log_file_mode.Author: Haribabu KommiReviewed-by: Stephen Frost, Robert Haas, Tom Lane, Michael PaquierDiscussion:https://postgr.es/m/CAJrrPGcEotF1P7AWoeQyD3Pqr-0xkQg_Herv98DjbaMj+naozw@mail.gmail.comBackpatch-through: 11, where group access has been added.

1 parente319f03 commit7d7435cCopy full SHA for 7d7435c

File tree

1 file changed

+19

-2

lines changed

src/backend/postmaster
- syslogger.c

1 file changed

+19

-2

lines changed

`‎src/backend/postmaster/syslogger.c`

Lines changed: 19 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@`
`31`	`31`	`#include<sys/stat.h>`
`32`	`32`	`#include<sys/time.h>`
`33`	`33`
	`34`	`+#include"common/file_perm.h"`
`34`	`35`	`#include"lib/stringinfo.h"`
`35`	`36`	`#include"libpq/pqsignal.h"`
`36`	`37`	`#include"miscadmin.h"`
`@@ -1440,12 +1441,14 @@ set_next_rotation_time(void)`
`1440`	`1441`	`* log messages. Useful for finding the name(s) of the current log file(s)`
`1441`	`1442`	`* when there is time-based logfile rotation. Filenames are stored in a`
`1442`	`1443`	`* temporary file and which is renamed into the final destination for`
`1443`		`- * atomicity.`
	`1444`	`+ * atomicity. The file is opened with the same permissions as what gets`
	`1445`	`+ * created in the data directory and has proper buffering options.`
`1444`	`1446`	`*/`
`1445`	`1447`	`staticvoid`
`1446`	`1448`	`update_metainfo_datafile(void)`
`1447`	`1449`	`{`
`1448`	`1450`	`FILE*fh;`
	`1451`	`+mode_toumask;`
`1449`	`1452`
`1450`	`1453`	`if (!(Log_destination&LOG_DESTINATION_STDERR)&&`
`1451`	`1454`	`!(Log_destination&LOG_DESTINATION_CSVLOG))`
`@@ -1458,7 +1461,21 @@ update_metainfo_datafile(void)`
`1458`	`1461`	`return;`
`1459`	`1462`	`}`
`1460`	`1463`
`1461`		`-if ((fh=logfile_open(LOG_METAINFO_DATAFILE_TMP,"w", true))==NULL)`
	`1464`	`+/* use the same permissions as the data directory for the new file */`
	`1465`	`+oumask=umask(pg_mode_mask);`
	`1466`	`+fh=fopen(LOG_METAINFO_DATAFILE_TMP,"w");`
	`1467`	`+umask(oumask);`
	`1468`	`+`
	`1469`	`+if (fh)`
	`1470`	`+{`
	`1471`	`+setvbuf(fh,NULL,PG_IOLBF,0);`
	`1472`	`+`
	`1473`	`+#ifdefWIN32`
	`1474`	`+/* use CRLF line endings on Windows */`
	`1475`	`+_setmode(_fileno(fh),_O_TEXT);`
	`1476`	`+#endif`
	`1477`	`+}`
	`1478`	`+else`
`1462`	`1479`	`{`
`1463`	`1480`	`ereport(LOG,`
`1464`	`1481`	`(errcode_for_file_access(),`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit7d7435c

File tree

1 file changed

1 file changed

`‎src/backend/postmaster/syslogger.c`

0 commit comments