From d8ba3dfb0b3385350d512fd6d56c83c244c98016 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 21 Nov 1999 04:16:17 +0000 Subject: [PATCH] Change backend-side COPY to write files with permissions 644 not 666 (whoever thought world-writable files were a good default????). Modify the pg_pwd code so that pg_pwd is created with 600 permissions. Modify initdb so that permissions on a pre-existing PGDATA directory are not blindly accepted: if the dir is already there, it does chmod go-rwx to be sure that the permissions are OK and the dir actually is owned by postgres. --- src/backend/commands/copy.c | 13 +++++++++---- src/backend/commands/user.c | 35 ++++++++++++++++++++++------------- src/backend/tcop/utility.c | 8 ++++++-- src/bin/initdb/initdb.sh | 10 +++++++++- src/include/commands/copy.h | 6 +++--- 5 files changed, 49 insertions(+), 23 deletions(-) diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c index ada751c37f..cac94cebad 100644 --- a/src/backend/commands/copy.c +++ b/src/backend/commands/copy.c @@ -6,7 +6,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.89 1999/09/27 20:00:44 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.90 1999/11/21 04:16:17 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -214,12 +214,12 @@ CopyDonePeek(FILE *fp, int c, int pickup) /* - * DoCopy executes a the SQL COPY statement. + * DoCopy executes the SQL COPY statement. */ void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, - char *filename, char *delim) + char *filename, char *delim, int fileumask) { /*---------------------------------------------------------------------------- Either unload or reload contents of class , depending on . 
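Review bot: The new `fileumask` parameter of DoCopy is declared `int`, yet the only use visible in this patch casts it straight to `mode_t` in `umask((mode_t) fileumask)`, so a negative or out-of-range value is converted silently. Declaring it `mode_t fileumask` here and in the copy.h prototype (last hunk of this patch) would state the intent, and a guard such as `Assert((fileumask & ~0777) == 0);` at the top of the function would reject values with bits outside the permission range. DoCopy's body continues outside this hunk.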
@@ -234,6 +234,11 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, If in the text format, delimit columns with delimiter . + is the umask(2) setting to use while creating an output file. + This should usually be more liberal than the backend's normal 077 umask, + but not always (in particular, "pg_pwd" should be written with 077!). + Up through version 6.5, was always 000, which was foolhardy. + When loading in the text format from an input stream (as opposed to a file), recognize a "." on a line by itself as EOF. Also recognize a stream EOF. When unloading in the text format to an output stream, @@ -316,7 +321,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, { mode_t oumask; /* Pre-existing umask value */ - oumask = umask((mode_t) 0); + oumask = umask((mode_t) fileumask); #ifndef __CYGWIN32__ fp = AllocateFile(filename, "w"); #else diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 76b028f7ee..8b5956bad1 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -5,7 +5,7 @@ * * Copyright (c) 1994, Regents of the University of California * - * $Id: user.c,v 1.35 1999/09/27 16:44:50 momjian Exp $ + * $Id: user.c,v 1.36 1999/11/21 04:16:16 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -20,6 +20,7 @@ #include "catalog/catname.h" #include "catalog/pg_database.h" #include "catalog/pg_shadow.h" +#include "commands/copy.h" #include "commands/user.h" #include "libpq/crypt.h" #include "miscadmin.h" @@ -43,7 +44,7 @@ static void CheckPgUserAclNotNull(void); *--------------------------------------------------------------------- */ static void -UpdatePgPwdFile(char *sql, CommandDest dest) +UpdatePgPwdFile(void) { char *filename, *tempname; 
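Review bot: `umask((mode_t) fileumask)` only restricts the mode of a file that `AllocateFile(filename, "w")` actually creates; if the path already exists, opening it for writing truncates it and keeps whatever mode it already had. This matters for the pg_pwd path, because UpdatePgPwdFile in user.c passes 0077 and relies on the result being mode 600, while a leftover temp file written by a pre-patch backend would presumably still carry the old, looser mode. Either remove the target first in that caller (`unlink(tempname);` before the DoCopy call) or tighten the mode after a successful open with `fchmod(fileno(fp), 0666 & ~fileumask);`, if changing the mode of an existing target is acceptable for ordinary COPY. The surrounding block of DoCopy starts and ends outside this hunk.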
@@ -60,16 +61,22 @@ UpdatePgPwdFile(char *sql, CommandDest dest) snprintf(tempname, bufsize, "%s.%d", filename, MyProcPid); /* - * Copy the contents of pg_shadow to the pg_pwd ASCII file using a the - * SEPCHAR character as the delimiter between fields. Then rename the - * file to its final name. + * Copy the contents of pg_shadow to the pg_pwd ASCII file using the + * SEPCHAR character as the delimiter between fields. Make sure the + * file is created with mode 600 (umask 077). + */ + DoCopy(ShadowRelationName, /* relname */ + false, /* binary */ + false, /* oids */ + false, /* from */ + false, /* pipe */ + tempname, /* filename */ + CRYPT_PWD_FILE_SEPCHAR, /* delim */ + 0077); /* fileumask */ + /* + * And rename the temp file to its final name, deleting the old pg_pwd. */ - snprintf(sql, SQL_LENGTH, - "copy %s to '%s' using delimiters %s", - ShadowRelationName, tempname, CRYPT_PWD_FILE_SEPCHAR); - pg_exec_query_dest(sql, dest, false); rename(tempname, filename); - pfree((void *) tempname); /* * Create a flag file the postmaster will detect the next time it @@ -78,6 +85,8 @@ UpdatePgPwdFile(char *sql, CommandDest dest) */ filename = crypt_getpwdreloadfilename(); creat(filename, S_IRUSR | S_IWUSR); + + pfree((void *) tempname); } /*--------------------------------------------------------------------- @@ -203,7 +212,7 @@ DefineUser(CreateUserStmt *stmt, CommandDest dest) * we can be sure no other backend will try to write the flat * file at the same time. */ - UpdatePgPwdFile(sql, dest); + UpdatePgPwdFile(); /* * Now we can clean up. @@ -313,7 +322,7 @@ AlterUser(AlterUserStmt *stmt, CommandDest dest) * we can be sure no other backend will try to write the flat * file at the same time. */ - UpdatePgPwdFile(sql, dest); + UpdatePgPwdFile(); /* * Now we can clean up. 
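Review bot: The return value of `rename(tempname, filename)` is still ignored after the rewritten DoCopy call, so when the rename fails the old pg_pwd stays in place, the temp copy of the password data is left behind under its PID-suffixed name, and the reload flag file is created anyway. Checking it, for example `if (rename(tempname, filename) != 0) elog(ERROR, "UpdatePgPwdFile: could not rename %s to %s", tempname, filename);`, would make the failure visible to the session that changed the user. The function begins before this hunk and ends after it.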
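Review bot: `creat(filename, S_IRUSR | S_IWUSR)` returns a file descriptor that is never stored or closed, so every call to UpdatePgPwdFile leaks one descriptor in the backend, and a failed creat goes unnoticed even though the comment above it says the postmaster depends on this flag file. Since this hunk already reorders the cleanup at the end of the function, it would be a good place to write `fd = creat(filename, S_IRUSR | S_IWUSR); if (fd >= 0) close(fd);` with `int fd` declared alongside the other locals. The start of the function is outside this hunk.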
@@ -446,7 +455,7 @@ RemoveUser(char *user, CommandDest dest) * we can be sure no other backend will try to write the flat * file at the same time. */ - UpdatePgPwdFile(sql, dest); + UpdatePgPwdFile(); /* * Now we can clean up. diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c index 6035c89b2e..3b2660a270 100644 --- a/src/backend/tcop/utility.c +++ b/src/backend/tcop/utility.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.71 1999/10/26 03:12:36 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.72 1999/11/21 04:16:16 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -268,7 +268,11 @@ ProcessUtility(Node *parsetree, * than to/from a file. */ stmt->filename, - stmt->delimiter); + stmt->delimiter, + /* + * specify 022 umask while writing files with COPY. + */ + 0022); } break; diff --git a/src/bin/initdb/initdb.sh b/src/bin/initdb/initdb.sh index 63733a5f7e..8e9847c422 100644 --- a/src/bin/initdb/initdb.sh +++ b/src/bin/initdb/initdb.sh @@ -26,7 +26,7 @@ # # # IDENTIFICATION -# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.61 1999/10/06 21:58:12 vadim Exp $ +# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.62 1999/11/21 04:16:15 tgl Exp $ # #------------------------------------------------------------------------- @@ -293,6 +293,11 @@ else echo mkdir $PGDATA if [ $? -ne 0 ]; then exit 5; fi + else + echo "Fixing permissions on pre-existing $PGDATA" + echo + chmod go-rwx $PGDATA + if [ $? -ne 0 ]; then exit 5; fi fi if [ ! -d $PGDATA/base ]; then echo "Creating Postgres database system directory $PGDATA/base" 
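Review bot: The comment added above `0022` restates the number but not the decision behind it: files written by a server-side COPY TO are now created without group/other write permission but remain readable by every local account, so exported table contents are protected only by the directory they land in. I would spell that out, e.g. `/* umask 022: COPY output is world-readable but not world-writable; pg_pwd uses 077 via UpdatePgPwdFile */`, and consider a named constant shared with user.c instead of bare octal literals at both call sites. The DoCopy call and the enclosing switch case start before this hunk.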
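Review bot: `chmod go-rwx $PGDATA` expands the variable unquoted, so a data directory path containing whitespace or glob characters is split and the chmod is applied to the wrong names or fails; `chmod go-rwx "$PGDATA"` avoids that. The chmod also changes only the directory itself, so files already inside a pre-existing PGDATA keep their old modes and are protected solely by the now-closed directory; a short comment saying this is intentional would help. The enclosing if/else starts before this hunk, and the `mkdir $PGDATA` line in it uses the same unquoted form.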
@@ -411,8 +416,11 @@ PGSQL_OPT="-o /dev/null -O -F -Q -D$PGDATA" echo "Vacuuming template1" echo "vacuum" | postgres $PGSQL_OPT template1 > /dev/null +# Create the initial pg_pwd (flat-file copy of pg_shadow) echo "COPY pg_shadow TO '$PGDATA/pg_pwd' USING DELIMITERS '\\t'" | \ postgres $PGSQL_OPT template1 > /dev/null +# An ordinary COPY will leave the file too loosely protected. +chmod go-rw $PGDATA/pg_pwd echo "Creating public pg_user view" echo "CREATE TABLE pg_user ( \ diff --git a/src/include/commands/copy.h b/src/include/commands/copy.h index 5e4dc4f3d3..5e7355b7e9 100644 --- a/src/include/commands/copy.h +++ b/src/include/commands/copy.h @@ -6,7 +6,7 @@ * * Copyright (c) 1994, Regents of the University of California * - * $Id: copy.h,v 1.5 1999/02/13 23:21:18 momjian Exp $ + * $Id: copy.h,v 1.6 1999/11/21 04:16:17 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -14,7 +14,7 @@ #define COPY_H -void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, char *filename, - char *delim); +void DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe, + char *filename, char *delim, int fileumask); #endif /* COPY_H */
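Review bot: The exit status of `chmod go-rw $PGDATA/pg_pwd` is not checked, unlike the chmod on PGDATA earlier in this patch, so initdb can finish with a password file that is still group- and world-readable. Because the COPY itself runs with the backend's 022 mask, the file also exists with the looser mode until the chmod runs; that window is harmless only if PGDATA is already closed to other users, which this hunk does not show for a freshly created directory. I would write `chmod go-rw "$PGDATA/pg_pwd" || exit 1` (or the script's usual exit-code convention) and mention the dependency on the directory mode in the comment.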