Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main). Today I noticed that I couldn't invoke psql as an unprivileged user anymore: % psql Error: Invalid data directory for cluster 11 main Further investigation showed that the read permissions on /etc/.../postgresql.conf were revoked at the time of the upgrade. Either by a post-install script or maybe by patroni itself, when it started up again. This leads me to two questions: 1) Is there a reason to restrict read access to postgresql.conf to the user postgres? AFAIK this file doesn't normally contain sensitive data (unlike pg_hba.conf and pg_ident.conf which are restricted by default). 2) Why does psql need to read postgresql.conf, and more specifically, why does it care about the location of the data directory? It shouldn't access files directly, just talk to the server via the socket. hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | hjp@xxxxxx | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Attachment:
signature.asc
Description: PGP signature
