ssl file permission

Started by PG Bug reporting form, over 5 years ago. 4 messages. List: docs
#1 PG Bug reporting form
noreply@postgresql.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/12/libpq-ssl.html
Description:

The instruction to use "chmod og-rwx" could leave the file with read
permission set. Elsewhere the suggestion is "chmod 600".

#2 Magnus Hagander
magnus@hagander.net
In reply to: PG Bug reporting form (#1)
Re: ssl file permission

On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org>
wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/12/libpq-ssl.html
> Description:
>
> The instruction to use "chmod og-rwx" could leave the file with read
> permission set. Elsewhere the suggestion is "chmod 600".

Not sure what you mean here -- how could it leave it with read permission
set?

(Obviously it could for the owner, but 0600 also includes read permissions
for the owner)

That said, it might be a good idea to be consistent since we seem to use a
mix of different styles of chmod.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>

#3 Rob Sargent
robjsargent@gmail.com
In reply to: Magnus Hagander (#2)
Re: ssl file permission

Sorry. Execute permission for owner may have been on prior to chmod og-rwx. I thought that might be a problem and 600 eliminates that.


On Sep 26, 2020, at 9:29 AM, Magnus Hagander <magnus@hagander.net> wrote:

> On Sat, Sep 26, 2020 at 1:23 PM PG Doc comments form <noreply@postgresql.org> wrote:
>
> > The following documentation comment has been logged on the website:
> >
> > Page: https://www.postgresql.org/docs/12/libpq-ssl.html
> > Description:
> >
> > The instruction to use "chmod og-rwx" could leave the file with read
> > permission set. Elsewhere the suggestion is "chmod 600".
>
> Not sure what you mean here -- how could it leave it with read permission set?
>
> (Obviously it could for the owner, but 0600 also includes read permissions for the owner)
>
> That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.
>
> --
> Magnus Hagander
> Me: https://www.hagander.net/
> Work: https://www.redpill-linpro.com/

#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Rob Sargent (#3)
Re: ssl file permission

Rob Sargent <robjsargent@gmail.com> writes:

> Sorry. Execute permission for owner may have been on prior to chmod og-rwx. I thought that might be a problem and 600 eliminates that

It seems highly unlikely that openssl would write the file with x
permission turned on. Even if it did, there's no particular
reason for us to insist on changing it.

> That said, it might be a good idea to be consistent since we seem to use a mix of different styles of chmod.

There is that. But I think the "og-rwx" style is more recommendable,
if we're going to try to standardize.

regards, tom lane
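
The two chmod styles compared in this thread, as an added example that is not part of any message: "og-rwx" clears only the group and other bits and leaves the owner bits as they were, while "600" sets all nine bits. The scratch files come from mktemp and the function names are this example's own.

```shell
#!/bin/sh
# Added example: compare the two chmod styles on constructed temp files.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# after_chmod START_MODE CHMOD_ARG
# Create a scratch file, give it START_MODE, apply CHMOD_ARG, print the result.
after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && mode_of "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# Succeed only when the octal mode grants nothing to group or other.
no_group_other() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# Walk a few starting modes a key file might plausibly have.
compare() {
    printf '%-6s %-8s %s\n' start og-rwx 600
    for start in 644 640 755 700 400; do
        sym=$(after_chmod "$start" og-rwx)
        abs=$(after_chmod "$start" 600)
        no_group_other "$sym" && no_group_other "$abs" || return 1
        printf '%-6s %-8s %s\n' "$start" "$sym" "$abs"
    done
}

compare
```

Both commands remove all group and other access for every starting mode; the results differ only in the owner bits (755 becomes 700 with og-rwx, and 400 stays 400).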