ssl file permission

2020-09-26 Thread PG Doc comments form 
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/12/libpq-ssl.html
Description:

The instruction to use "chmod og-rwx" could leave the file with read
permission set.  Elsewhere the suggestion is "chmod 600".

Re: ssl file permission

2020-09-26 Thread Magnus Hagander 
On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form 
wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/12/libpq-ssl.html
> Description:
>
> The instruction to use "chmod og-rwx" could leave the file with read
> permission set.  Elsewhere the suggestion is "chmod 600".
>

Not sure what you mean here -- how could it leave it with read permission
set?

(Obviously it could for the owner, but 0600 also includes read permissions
for the owner)

That said, it might be a good idea to be consistent since we seem to use a
mix of different styles of chmod.

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ 
 Work: https://www.redpill-linpro.com/

Re: ssl file permission

2020-09-26 Thread Rob Sargent 
Sorry. Execute permission for owner may have been on prior to chmod og-rwx .  I 
thought that might be a problem and 600 eliminates that

> On Sep 26, 2020, at 9:29 AM, Magnus Hagander  wrote:
> 
> 
> 
> 
>> On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form 
>>  wrote:
>> The following documentation comment has been logged on the website:
>> 
>> Page: https://www.postgresql.org/docs/12/libpq-ssl.html
>> Description:
>> 
>> The instruction to use "chmod og-rwx" could leave the file with read
>> permission set.  Elsewhere the suggestion is "chmod 600".
> 
> 
> Not sure what you mean here -- how could it leave it with read permission set?
> 
> (Obviously it could for the owner, but 0600 also includes read permissions 
> for the owner)
> 
> That said, it might be a good idea to be consistent since we seem to use a 
> mix of different styles of chmod.
> 
> -- 
>  Magnus Hagander
>  Me: https://www.hagander.net/
>  Work: https://www.redpill-linpro.com/

Re: ssl file permission

2020-09-26 Thread Tom Lane 
Rob Sargent  writes:
> Sorry. Execute permission for owner may have been on prior to chmod og-rwx .  
> I thought that might be a problem and 600 eliminates that

It seems highly unlikely that openssl would write the file with x
permission turned on.  Even if it did, there's no particular
reason for us to insist on changing it.

>> That said, it might be a good idea to be consistent since we seem to use a 
>> mix of different styles of chmod.

There is that.  But I think the "og-rwx" style is more recommendable,
if we're going to try to standardize.

regards, tom lane