pg_back icon indicating copy to clipboard operation
pg_back copied to clipboard

Published 20 hours ago verified publisher icon orgrim

Add an option to configure permission on dump

Open l00ptr opened this issue 10 months ago • 4 comments

We add an option / configuration item to define the permissions for the dumps created with pg_back. We reuse / configure the 0600 permissions by default to ensure some compatibility with the old (non configurable) approach.

We probably need to discuss and improve what we should do for the parent directory when using 'd' for the dump format. Currently we still apply the 0700 mode in such situation, but maybe we should define a specific option or reuse the one we add right now.

l00ptr avatar Jan 24 '25 17:01 l00ptr

Hi @orgrim,

This MR try to implement https://github.com/orgrim/pg_back/issues/132

I still want to improve it before some feedback about the code itself, but I think we should discuss about what we should do whith the parent directory when using the 'd' format and also we should also handle the situation where pg_back users simply want pg_back to use/respect the umask. What do you think we should do about those cases ?

Best regards, Julian

l00ptr avatar Jan 24 '25 17:01 l00ptr

Hi @l00ptr, thanks a lot for taking care of this.

After a quick look: some lead on the default mode and how to "handle umask" would be to keep the current 0o600 mode for compatibility and use a negative value use to let the umask apply, since it ends up being store as a integer. What do you think?

On the directory format, I need to confirm if we are currently consistent on the permissions of all extra files, as this question applies to checksum files and others as well. I would expect the mode to be set once and applied everywhere.

While I need to test the patch, it looks promising.

Regards

orgrim avatar Jan 25 '25 10:01 orgrim

After a quick look: some lead on the default mode and how to "handle umask" would be to keep the current 0o600 mode for compatibility and use a negative value use to let the umask apply, since it ends up being store as a integer. What do you think?

Hi @l00ptr, thanks a lot for taking care of this.

After a quick look: some lead on the default mode and how to "handle umask" would be to keep the current 0o600 mode for compatibility and use a negative value use to let the umask apply, since it ends up being store as a integer. What do you think?

good idea, done within the fixup.

On the directory format, I need to confirm if we are currently consistent on the permissions of all extra files, as this question applies to checksum files and others as well. I would expect the mode to be set once and applied everywhere.

I'll also look into how checksums (files) are generated and written (and how file permissions are set for them).

While I need to test the patch, it looks promising.

Regards

l00ptr avatar Jan 27 '25 07:01 l00ptr

i have done some modification to also handle changing permission on hash and encrypted files. directory permission still probably need some improvement. @orgrim could you make a first overall review on this ?

Best regards,

l00ptr avatar Feb 06 '25 15:02 l00ptr

Hi @orgrim

How can i help to test and integrate that MR ? What can I provide to help you on this ?

Best regards, J.

l00ptr avatar Mar 10 '25 09:03 l00ptr

This fixes #132

Also, do not hesitate to rebase, the CI is fixed in the master branch

orgrim avatar Apr 20 '25 21:04 orgrim