diff options
| author | Stephen Frost <sfrost@snowman.net> | 2018-04-07 17:45:39 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2018-04-07 17:45:39 -0400 |
| commit | da9b580d89903fee871cf54845ffa2b26bda2e11 (patch) | |
| tree | c2538c675c15e973c662e58a94fdecd77aa06b2a /src/backend/postmaster | |
| parent | 499be013de65242235ebdde06adb08db887f0ea5 (diff) | |
| download | postgresql-da9b580d89903fee871cf54845ffa2b26bda2e11.tar.gz postgresql-da9b580d89903fee871cf54845ffa2b26bda2e11.zip | |
Refactor dir/file permissions
Consolidate directory and file create permissions for tools which work
with the PG data directory by adding a new module (common/file_perm.c)
that contains variables (pg_file_create_mode, pg_dir_create_mode) and
constants to initialize them (0600 for files and 0700 for directories).
Convert mkdir() calls in the backend to MakePGDirectory() if the
original call used default permissions (always the case for regular PG
directories).
Add tests to make sure permissions in PGDATA are set correctly by the
tools which modify the PG data directory.
Authors: David Steele <david@pgmasters.net>,
Adam Brightwell <adam.brightwell@crunchydata.com>
Reviewed-By: Michael Paquier, with discussion amongst many others.
Discussion: https://postgr.es/m/ad346fe6-b23e-59f1-ecb7-0e08390ad629%40pgmasters.net
Diffstat (limited to 'src/backend/postmaster')
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 7 | ||||
| -rw-r--r-- | src/backend/postmaster/syslogger.c | 5 |
2 files changed, 7 insertions, 5 deletions
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 3dfb87d7019..10afecffb37 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -97,6 +97,7 @@ #include "access/xlog.h" #include "bootstrap/bootstrap.h" #include "catalog/pg_control.h" +#include "common/file_perm.h" #include "common/ip.h" #include "lib/ilist.h" #include "libpq/auth.h" @@ -589,7 +590,7 @@ PostmasterMain(int argc, char *argv[]) /* * for security, no dir or file created can be group or other accessible */ - umask(S_IRWXG | S_IRWXO); + umask(PG_MODE_MASK_OWNER); /* * Initialize random(3) so we don't get the same values in every run. @@ -4490,9 +4491,9 @@ internal_forkexec(int argc, char *argv[], Port *port) { /* * As in OpenTemporaryFileInTablespace, try to make the temp-file - * directory + * directory, ignoring errors. */ - mkdir(PG_TEMP_FILES_DIR, S_IRWXU); + (void) MakePGDirectory(PG_TEMP_FILES_DIR); fp = AllocateFile(tmpfilename, PG_BINARY_W); if (!fp) diff --git a/src/backend/postmaster/syslogger.c b/src/backend/postmaster/syslogger.c index f70eea37df9..58b759f305f 100644 --- a/src/backend/postmaster/syslogger.c +++ b/src/backend/postmaster/syslogger.c @@ -41,6 +41,7 @@ #include "postmaster/postmaster.h" #include "postmaster/syslogger.h" #include "storage/dsm.h" +#include "storage/fd.h" #include "storage/ipc.h" #include "storage/latch.h" #include "storage/pg_shmem.h" @@ -322,7 +323,7 @@ SysLoggerMain(int argc, char *argv[]) /* * Also, create new directory if not present; ignore errors */ - mkdir(Log_directory, S_IRWXU); + (void) MakePGDirectory(Log_directory); } if (strcmp(Log_filename, currentLogFilename) != 0) { @@ -564,7 +565,7 @@ SysLogger_Start(void) /* * Create log directory if not present; ignore errors */ - mkdir(Log_directory, S_IRWXU); + (void) MakePGDirectory(Log_directory); /* * The initial logfile is created right in the postmaster, to verify that |