Permissions on postgresql.conf, psql and patroni
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
Today I noticed that I couldn't invoke psql as an unprivileged user
anymore:
% psql
Error: Invalid data directory for cluster 11 main
Further investigation showed that the read permissions on
/etc/.../postgresql.conf were revoked at the time of the upgrade. Either
by a post-install script or maybe by patroni itself, when it started up
again.
This leads me to two questions:
1) Is there a reason to restrict read access to postgresql.conf to the
user postgres? AFAIK this file doesn't normally contain sensitive data
(unlike pg_hba.conf and pg_ident.conf which are restricted by default).
2) Why does psql need to read postgresql.conf, and more specifically,
why does it care about the location of the data directory? It
shouldn't access files directly, just talk to the server via the
socket.
hp
--
_ | Peter J. Holzer | we build much bigger, better disasters now
|_|_) | | because we have much more sophisticated
| | | hjp@hjp.at | management tools.
__/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Peter J. Holzer wrote:
2) Why does psql need to read postgresql.conf, and more specifically,
why does it care about the location of the data directory? It
shouldn't access files directly, just talk to the server via the
socket.
It's not psql itself, it's pg_wrapper.
$ ls -l /usr/bin/psql
lrwxrwxrwx 1 root root 37 Aug 8 12:48 /usr/bin/psql ->
../share/postgresql-common/pg_wrapper
See http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html
Best regards,
--
Daniel Vérité
PostgreSQL-powered mailer: http://www.manitou-mail.org
Twitter: @DanielVerite
"Peter J. Holzer" <hjp-pgsql@hjp.at> writes:
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
Today I noticed that I couldn't invoke psql as an unprivileged user
anymore:
% psql
Error: Invalid data directory for cluster 11 main
FYI, there's no such error string in the core Postgres sources.
I imagine that it's coming from some wrapper script.
1) Is there a reason to restrict read access to postgresql.conf to the
user postgres?
Probably not, though it only matters if you keep that outside the
data directory.
2) Why does psql need to read postgresql.conf, and more specifically,
why does it care about the location of the data directory?
psql itself won't/doesn't. I suspect you're dealing with a wrapper
that is trying to figure out which version of psql to invoke.
regards, tom lane
On 2019-09-09 13:29:38 +0200, Daniel Verite wrote:
Peter J. Holzer wrote:
2) Why does psql need to read postgresql.conf, and more specifically,
why does it care about the location of the data directory? It
shouldn't access files directly, just talk to the server via the
socket.It's not psql itself, it's pg_wrapper.
$ ls -l /usr/bin/psql
lrwxrwxrwx 1 root root 37 Aug 8 12:48 /usr/bin/psql ->
../share/postgresql-common/pg_wrapperSee http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html
Ah, thanks.
On 2019-09-09 10:03:57 -0400, Tom Lane wrote:
"Peter J. Holzer" <hjp-pgsql@hjp.at> writes:
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
Today I noticed that I couldn't invoke psql as an unprivileged user
anymore:
% psql
Error: Invalid data directory for cluster 11 mainFYI, there's no such error string in the core Postgres sources.
I imagine that it's coming from some wrapper script.
Yep. Daniel shoved me into the right direction. The message is from
PgCommon.pm, used by pg_wrapper.
It's a good thing both packages are maintained by the same team. Saves
the discussion who's going to fix it :-).
hp
--
_ | Peter J. Holzer | we build much bigger, better disasters now
|_|_) | | because we have much more sophisticated
| | | hjp@hjp.at | management tools.
__/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
Import Notes
Reply to msg id not found: 28297.1568037837@sss.pgh.pa.us925de979-955f-45c3-a680-7893bb4afb17@manitou-mail.org | Resolved by subject fallback
On 2019-09-09 19:15:19 +0200, Peter J. Holzer wrote:
On 2019-09-09 10:03:57 -0400, Tom Lane wrote:
"Peter J. Holzer" <hjp-pgsql@hjp.at> writes:
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1
from http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
Today I noticed that I couldn't invoke psql as an unprivileged user
anymore:
% psql
Error: Invalid data directory for cluster 11 mainFYI, there's no such error string in the core Postgres sources.
I imagine that it's coming from some wrapper script.Yep. Daniel shoved me into the right direction. The message is from
PgCommon.pm, used by pg_wrapper.It's a good thing both packages are maintained by the same team. Saves
the discussion who's going to fix it :-).
Since this issue is specific to the debian/ubuntu packages, I've opened
a ticket in redmine: https://redmine.postgresql.org/issues/4717 (as
suggested in the wiki).
hp
--
_ | Peter J. Holzer | we build much bigger, better disasters now
|_|_) | | because we have much more sophisticated
| | | hjp@hjp.at | management tools.
__/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>