On Mon, Sep 8, 2025 at 11:20 AM Paul Ohlhauser <[email protected]> wrote: > And I propose one or more of the following solutions: > - 1. Make the warning clearer by stating that passfile is ignored (B) > - 2. Change the warning to be an error (A,B) > - 3. Allow group permissions (C) > - 4. Just warn, don't ignore (A,B,C) > > Option 4 is the easiest and the patch I submitted but does not seem to be > well received > Option 1 is the bare minimum IMO - it's still not great though > I'd like to see options 2 & 3 (same behavior as SSH)
I think clarifying the warning is probably an acceptable change as long as the new wording is equally clear and doesn't add much to the length of the message. Of course, I don't have the only vote here. Changing the warning to an error wouldn't bother me a great deal, but we'd probably need more than just you voting for that alternative to justify overturning longstanding behavior. I don't really know what I think about allowing group permissions. It's reasonable in the sense that we have an option to allow that for $PGDATA, but OTOH we have no real understanding of Windows permissions or Linux ACLs or SELinux security constraints, so that idea that we can force "safe" permissions is a little bit laughable. -- Robert Haas EDB: http://www.enterprisedb.com
