Permissions on postgresql.conf, psql and patroni

Peter J. Holzer
Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).

Today I noticed that I couldn't invoke psql as an unprivileged user
anymore:

% psql
Error: Invalid data directory for cluster 11 main

Further investigation showed that the read permissions on
/etc/.../postgresql.conf were revoked at the time of the upgrade. Either
by a post-install script or maybe by patroni itself, when it started up
again.

This leads me to two questions:

1) Is there a reason to restrict read access to postgresql.conf to the
   user postgres? AFAIK this file doesn't normally contain sensitive data
   (unlike pg_hba.conf and pg_ident.conf which are restricted by default).

2) Why does psql need to read postgresql.conf, and more specifically,
   why does it care about the location of the data directory? It
   shouldn't access files directly, just talk to the server via the
   socket.

        hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | [hidden email]         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>


Re: Permissions on postgresql.conf, psql and patroni

Daniel Verite
Peter J. Holzer wrote:

> 2) Why does psql need to read postgresql.conf, and more specifically,
>   why does it care about the location of the data directory? It
>   shouldn't access files directly, just talk to the server via the
>   socket.

It's not psql itself, it's pg_wrapper.

$ ls -l /usr/bin/psql
lrwxrwxrwx 1 root root 37 Aug  8 12:48 /usr/bin/psql ->
../share/postgresql-common/pg_wrapper

See http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html


Best regards,
--
Daniel Vérité
PostgreSQL-powered mailer: http://www.manitou-mail.org
Twitter: @DanielVerite



Re: Permissions on postgresql.conf, psql and patroni

Tom Lane-2
"Peter J. Holzer" <[hidden email]> writes:
> Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
> http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
> Today I noticed that I couldn't invoke psql as an unprivileged user
> anymore:
> % psql
> Error: Invalid data directory for cluster 11 main

FYI, there's no such error string in the core Postgres sources.
I imagine that it's coming from some wrapper script.

> 1) Is there a reason to restrict read access to postgresql.conf to the
>    user postgres?

Probably not, though it only matters if you keep that outside the
data directory.

> 2) Why does psql need to read postgresql.conf, and more specifically,
>    why does it care about the location of the data directory?

psql itself won't/doesn't.  I suspect you're dealing with a wrapper
that is trying to figure out which version of psql to invoke.

                        regards, tom lane



Re: Permissions on postgresql.conf, psql and patroni

Peter J. Holzer
On 2019-09-09 13:29:38 +0200, Daniel Verite wrote:

> Peter J. Holzer wrote:
> > 2) Why does psql need to read postgresql.conf, and more specifically,
> >   why does it care about the location of the data directory? It
> >   shouldn't access files directly, just talk to the server via the
> >   socket.
>
> It's not psql itself, it's pg_wrapper.
>
> $ ls -l /usr/bin/psql
> lrwxrwxrwx 1 root root 37 Aug  8 12:48 /usr/bin/psql ->
> ../share/postgresql-common/pg_wrapper
>
> See http://manpages.ubuntu.com/manpages/bionic/man1/pg_wrapper.1.html

Ah, thanks.


On 2019-09-09 10:03:57 -0400, Tom Lane wrote:

> "Peter J. Holzer" <[hidden email]> writes:
> > Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1 from
> > http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
> > Today I noticed that I couldn't invoke psql as an unprivileged user
> > anymore:
> > % psql
> > Error: Invalid data directory for cluster 11 main
>
> FYI, there's no such error string in the core Postgres sources.
> I imagine that it's coming from some wrapper script.

Yep. Daniel shoved me into the right direction. The message is from
PgCommon.pm, used by pg_wrapper.

It's a good thing both packages are maintained by the same team. Saves
the discussion who's going to fix it :-).

        hp


--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | [hidden email]         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>


Re: Permissions on postgresql.conf, psql and patroni

Peter J. Holzer
On 2019-09-09 19:15:19 +0200, Peter J. Holzer wrote:

> On 2019-09-09 10:03:57 -0400, Tom Lane wrote:
> > "Peter J. Holzer" <[hidden email]> writes:
> > > Yesterday I "apt upgrade"d patroni (to version 1.6.0-1.pgdg18.04+1
> > > from http://apt.postgresql.org/pub/repos/apt bionic-pgdg/main).
> > > Today I noticed that I couldn't invoke psql as an unprivileged user
> > > anymore:
> > > % psql
> > > Error: Invalid data directory for cluster 11 main
> >
> > FYI, there's no such error string in the core Postgres sources.
> > I imagine that it's coming from some wrapper script.
>
> Yep. Daniel shoved me into the right direction. The message is from
> PgCommon.pm, used by pg_wrapper.
>
> It's a good thing both packages are maintained by the same team. Saves
> the discussion who's going to fix it :-).

Since this issue is specific to the Debian/Ubuntu packages, I've opened
a ticket in Redmine: https://redmine.postgresql.org/issues/4717 (as
suggested in the wiki).

        hp


--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | [hidden email]         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
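
The permission state discussed in this thread can be checked with a small read-only audit. This is an added example, not part of any message in the thread and not code from postgresql-common or patroni. The config directory is passed as an argument (the thread elides the real path), and the `data_directory` parsing is a simplified assumption about the file's format.

```shell
#!/bin/sh
# Added example: read-only audit of mode bits in a PostgreSQL config directory.
# Assumption: the directory is given as an argument; nothing is modified.

# Succeeds if FILE has the "other" read bit set (POSIX find, no GNU stat).
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Prints the last quoted data_directory value set in a postgresql.conf.
# Simplified parser (assumption): single-quoted value, optional "=".
conf_data_directory() {
    sed -n "s/^[[:space:]]*data_directory[[:space:]]*=\{0,1\}[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Prints one line per file; returns non-zero if any finding was reported.
audit_pg_confdir() {
    dir=$1
    rc=0
    conf="$dir/postgresql.conf"
    if [ ! -f "$conf" ]; then
        echo "MISSING postgresql.conf"; rc=1
    elif other_readable "$conf"; then
        # What an unprivileged wrapper script could resolve from the file.
        echo "OK postgresql.conf data_directory=$(conf_data_directory "$conf")"
    else
        # The state reported in the thread: unprivileged users cannot read
        # the file, so a wrapper cannot determine the data directory.
        echo "UNREADABLE postgresql.conf"; rc=1
    fi
    # These two are restricted by default; flag them if world-readable.
    for name in pg_hba.conf pg_ident.conf; do
        [ -f "$dir/$name" ] || continue
        if other_readable "$dir/$name"; then
            echo "EXPOSED $name"; rc=1
        else
            echo "OK $name"
        fi
    done
    return $rc
}

# Usage: sh audit.sh <config-directory>
if [ "$#" -gt 0 ]; then audit_pg_confdir "$1"; fi
```
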
