Does PostgreSQL automatically tighten permissions on tablespace directories? - Q&A - Alibaba Cloud Developer Community - Alibaba Cloud


Does PostgreSQL automatically tighten permissions on tablespace directories?

德哥 2016-01-15 09:48:54 3172

When I created a tablespace, the permissions on the tablespace directory were automatically changed to 700. Why is that?

Relational database, Data security/privacy protection, PostgreSQL
All answers (2)
  • 德哥
    2019-07-17 18:24:38
    Accepted

    Hello, yes, PostgreSQL automatically changes the permissions of the tablespace directory to S_IRWXU, that is:

           S_IRWXU  00700 user (file owner) has read, write and execute permission
    

    Code:
    src/backend/commands/tablespace.c

    /*
     * create_tablespace_directories
     *
     *      Attempt to create filesystem infrastructure linking $PGDATA/pg_tblspc/
     *      to the specified directory
     */
    static void
    create_tablespace_directories(const char *location, const Oid tablespaceoid)
    {
            char       *linkloc;
            char       *location_with_version_dir;
            struct stat st;
    
            linkloc = psprintf("pg_tblspc/%u", tablespaceoid);
            location_with_version_dir = psprintf("%s/%s", location,
                                                 TABLESPACE_VERSION_DIRECTORY);
    
            /*
             * Attempt to coerce target directory to safe permissions.  If this fails,
             * it doesn't exist or has the wrong owner.
             */
            if (chmod(location, S_IRWXU) != 0)
            {
                    if (errno == ENOENT)
                            ereport(ERROR,
                                            (errcode(ERRCODE_UNDEFINED_FILE),
                                             errmsg("directory \"%s\" does not exist", location),
                                             InRecovery ? errhint("Create this directory for the tablespace before "
                                                                  "restarting the server.") : 0));
                    else
                            ereport(ERROR,
                                            (errcode_for_file_access(),
                                             errmsg("could not set permissions on directory \"%s\": %m",
                                                    location)));
            }
    
            if (InRecovery)
            {
                    /*
                     * Our theory for replaying a CREATE is to forcibly drop the target
                     * subdirectory if present, and then recreate it. This may be more
                     * work than needed, but it is simple to implement.
                     */
                    if (stat(location_with_version_dir, &st) == 0 && S_ISDIR(st.st_mode))
                    {
                            if (!rmtree(location_with_version_dir, true))
                                    /* If this failed, mkdir() below is going to error. */
                                    ereport(WARNING,
                                                    (errmsg("some useless files may be left behind in old database directory \"%s\"",
                                                                    location_with_version_dir)));
                    }
            }
    
            /*
             * The creation of the version directory prevents more than one tablespace
             * in a single location.
             */
            if (mkdir(location_with_version_dir, S_IRWXU) < 0)
            {
                    if (errno == EEXIST)
                            ereport(ERROR,
                                            (errcode(ERRCODE_OBJECT_IN_USE),
                                             errmsg("directory \"%s\" already in use as a tablespace",
                                                            location_with_version_dir)));
                    else
                            ereport(ERROR,
                                            (errcode_for_file_access(),
                                             errmsg("could not create directory \"%s\": %m",
                                                            location_with_version_dir)));
            }
    
            /*
             * In recovery, remove old symlink, in case it points to the wrong place.
             */
            if (InRecovery)
                    remove_tablespace_symlink(linkloc);
    
            /*
             * Create the symlink under PGDATA
             */
            if (symlink(location, linkloc) < 0)
                    ereport(ERROR,
                                    (errcode_for_file_access(),
                                     errmsg("could not create symbolic link \"%s\": %m",
                                                    linkloc)));
    
            pfree(linkloc);
            pfree(location_with_version_dir);
    }
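The permission sequence from the function quoted above, reduced to a stand-alone C program so the 0700 coercion can be observed on any directory. This is an added example, not part of the original answer or PostgreSQL's own code; `prepare_tablespace_dir`, `dir_mode`, `ts_result` and `DEMO_VERSION_DIR` are hypothetical names, and the version directory name is a constructed placeholder.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed stand-in: the real TABLESPACE_VERSION_DIRECTORY is built from server version macros. */
#define DEMO_VERSION_DIR "PG_DEMO_VERSION_DIR"

enum ts_result { TS_OK, TS_MISSING, TS_CHMOD_FAILED, TS_IN_USE, TS_MKDIR_FAILED, TS_PATH_TOO_LONG };

/* Permission bits of a directory (including setuid/setgid/sticky), or -1 if it is not a directory. */
int dir_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (int) (st.st_mode & 07777);
}

/* Same order as the quoted function: chmod the location to S_IRWXU, then mkdir the version directory. */
enum ts_result prepare_tablespace_dir(const char *location)
{
    char version_dir[4096];
    int n = snprintf(version_dir, sizeof version_dir, "%s/%s", location, DEMO_VERSION_DIR);
    if (n < 0 || (size_t) n >= sizeof version_dir)
        return TS_PATH_TOO_LONG;

    /* Per the quoted comment: failure means the directory does not exist or has the wrong owner. */
    if (chmod(location, S_IRWXU) != 0)
        return errno == ENOENT ? TS_MISSING : TS_CHMOD_FAILED;

    /* EEXIST here is the "already in use as a tablespace" case. */
    if (mkdir(version_dir, S_IRWXU) < 0)
        return errno == EEXIST ? TS_IN_USE : TS_MKDIR_FAILED;
    return TS_OK;
}

int main(int argc, char **argv)
{
    if (argc != 2 || dir_mode(argv[1]) < 0) {
        fprintf(stderr, "usage: %s <existing-directory>\n", argv[0]);
        return 2;
    }
    printf("mode before: %04o\n", (unsigned) dir_mode(argv[1]));
    enum ts_result r = prepare_tablespace_dir(argv[1]);
    printf("result: %d, mode after: %04o\n", (int) r, (unsigned) dir_mode(argv[1]));
    return r == TS_OK ? 0 : 1;
}
```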
  • jason丶
    2019-07-17 18:24:39

    Learning from this. Much respect.
