Re: pgsql: Prevent running pg_basebackup as root

2020-02-07 Thread Stephen Frost
Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Thu, Feb 06, 2020 at 09:44:07AM -0500, Stephen Frost wrote: > > Erm- no, with -Ft + untar-as-root they get owned by "postgres", NOT the > > original user. That's what I was pointing out up-thread (since it seems > > to be confusing- a

Re: pgsql: Prevent running pg_basebackup as root

2020-02-06 Thread Ian Barwick
On 2020/02/07 11:07, Andres Freund wrote: Hi, On 2020-02-06 13:02:07 +0100, Magnus Hagander wrote: I agree with Stephen that this seems to be misguided, and my vote is to revert. +1. I honestly don't think we should increase the number of "root disallowed" tools unless actually necessary. Ma

Re: pgsql: Prevent running pg_basebackup as root

2020-02-06 Thread Andres Freund
Hi, On 2020-02-06 13:02:07 +0100, Magnus Hagander wrote: > I agree with Stephen that this seems to be misguided, and my vote is > to revert. +1. I honestly don't think we should increase the number of "root disallowed" tools unless actually necessary. Maybe that's looking too far into the future

Re: pgsql: Prevent running pg_basebackup as root

2020-02-06 Thread Michael Paquier
On Thu, Feb 06, 2020 at 09:44:07AM -0500, Stephen Frost wrote: > * Magnus Hagander (mag...@hagander.net) wrote: >> On Thu, Feb 6, 2020 at 8:04 AM Michael Paquier wrote: >>> You have a point with -Ft as untaring the tarballs from a base backup >>> taken with pg_basebackup -Ft used by root generates

Re: pgsql: Prevent running pg_basebackup as root

2020-02-06 Thread Stephen Frost
Greetings, * Magnus Hagander (mag...@hagander.net) wrote: > On Thu, Feb 6, 2020 at 8:04 AM Michael Paquier wrote: > > > > On Wed, Feb 05, 2020 at 12:22:59PM -0500, Stephen Frost wrote: > > > In any case, sorry for not responding on this sooner (was traveling for > > > FOSDEM and such), but I'm no

Re: pgsql: Prevent running pg_basebackup as root

2020-02-06 Thread Magnus Hagander
On Thu, Feb 6, 2020 at 8:04 AM Michael Paquier wrote: > > On Wed, Feb 05, 2020 at 12:22:59PM -0500, Stephen Frost wrote: > > In any case, sorry for not responding on this sooner (was traveling for > > FOSDEM and such), but I'm not really convinced this is something we want > > and it certainly bre

Re: pgsql: Prevent running pg_basebackup as root

2020-02-05 Thread Michael Paquier
On Wed, Feb 05, 2020 at 12:22:59PM -0500, Stephen Frost wrote: > In any case, sorry for not responding on this sooner (was traveling for > FOSDEM and such), but I'm not really convinced this is something we want > and it certainly breaks at least somewhat reasonable use-cases when you > think about

Re: pgsql: Prevent running pg_basebackup as root

2020-02-05 Thread Stephen Frost
Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > Prevent running pg_basebackup as root > > Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use > --version and --help, but cannot execute the actual operation to avoid > the creation of files with permissions incompatib