Comments (4)
orgrim
commented on May 30, 2024
Hello,
Indeed, permissions are not explicitly set on backups, so one can end up with backup directories that are partly readable.
I guess the simplest way to deal with it is to make backup directories only accessible by the user who created them. This would be nice for security and would avoid spending time trying to put correct permissions everywhere.
What do you think?
from pitrery.
LaetitiaAvrot
commented on May 30, 2024
Well, you're absolutely right. Permissions on folders should be set so that no one except the backup creator can see them.
I don't see this recommendation in the prerequisites. Maybe you should add them.
But what I see in code seems not satisfying (to me and I might be wrong)
if [ "$out_rc" != 0 ]; then
echo "!!! This backup may be imcomplete or corrupted !!!"
fi
There is nothing to test permission. Whatever the error is, the message is the same and states there is corruption or incomplete backup.
from pitrery.
orgrim
commented on May 30, 2024
Commit 3888a9a restrict the permissions with a chmod 700 at backup time and a check of the permissions in list.
orgrim@serfouette:r10 $ sudo -u postgres pitrery -c r10 list
List of backups on localhost
ERROR: acces denied to /home/pgsql/pitrery/r10/2017.10.18_22.05.57
ERROR: acces denied to /home/pgsql/pitrery/r10/2018.01.08_14.32.23
Regards
from pitrery.
LaetitiaAvrot
commented on May 30, 2024
Perfect
from pitrery.
Related Issues (20)
- restore_wal bash < 4.2 error
- Use local circleci HOT 2
- Migration issue : `archive_xlog` directory not renamed
- Infinite loop while checking the wals HOT 3
- Change in behaviour while restoring, between PG 11 & 12
- Add a note about difference between Pitrery and Wal-g in documentation? HOT 2
- Abort purge if we have a "permission denied" on the backups HOT 6
- Create backup_manifest files on backup
- Error out when check cannot do -An or -Bn HOT 5
- be more strict about what we consider a valid backup directory HOT 4
- Add a timeout for archive_wal HOT 1
- FATAL: Could not write pitrery.conf: directory is not writable and other error HOT 4
- pitrery restore: WARNING: could not get the ending timestamp HOT 4
- Update man pages
- Never mind HOT 1
- Storing PGPASSFILE environment variable in configuration file HOT 1
- Add Timeline & WAL location or checkpoint from pg_controldata in output and list
- check command thinks that the remote target directory does not exist
- *_xlog to *_wal: warn about script name change HOT 1
- Add non regression tests HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pitrery.