Bug 124457 - [patch] databases/postgresql83-server - databases/postgresql8x-server's periodic backup script don't set the umask properly
Summary: [patch] databases/postgresql83-server - databases/postgresql8x-server's perio...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Palle Girgensohn
Depends on:
Reported: 2008-06-10 20:30 UTC by Alexandre Perrin
Modified: 2008-06-19 14:04 UTC (History)
1 user (show)

See Also:

file.diff (1.11 KB, patch)
2008-06-10 20:30 UTC, Alexandre Perrin
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandre Perrin 2008-06-10 20:30:01 UTC
files/502.pgsql act as a backup script if daily_pgsql_backup_enable is enable (daily_pgsql_backup_enable="YES") in /etc/periodic.conf or /etc/periodic.conf.local. In the script (run as root) the umask is set to 077 to protect the backup files but the problem is that all postgresql command are run as pgsql user with su(1) and the -l (login) option and then the umask is set to default (022 on my system).

Here are the first relevant lines:
57     # Protect the data
58     umask 077
59     dbnames=`su -l pgsql -c "psql -q -t -A -d template1 -c SELECT\ datname\ FROM\ pg_database\ WHERE\ datname!=\'template0\'"`

Fix: I ranked this bug as non-critical because the permissions on /usr/local/pgsql/backups are properly set at creation.

Here is a patch which ensure a proper umask before each su(1) command. It's maybe not the perfect fix, but it works. chmod'ing files juste after backup isn't a good solution because the file is world readable between the creation (pg_dump) and the chmod command. 
How-To-Repeat: install any of the databases/postgresql8x-server, then look at the /usr/local/etc/periodic/daily/502.pgsql file.
try to make a backup (set daily_pgsql_backup_enable="YES" in /etc/periodic.conf or /etc/periodic.conf.local, then run the script as root).
check the permission on /usr/local/pgsql/backups/pgdump* files.
Comment 1 Edwin Groothuis freebsd_committer 2008-06-10 23:14:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->girgen

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2008-06-13 00:46:13 UTC
girgen      2008-06-12 23:46:07 UTC

  FreeBSD ports repository

  Modified files:
    databases/postgresql74-client Makefile 
    databases/postgresql74-server Makefile distinfo 
    databases/postgresql74-server/files 502.pgsql 
    databases/postgresql80-client Makefile 
    databases/postgresql80-server Makefile distinfo 
    databases/postgresql80-server/files 502.pgsql 
    databases/postgresql81-client Makefile 
    databases/postgresql81-server Makefile distinfo 
    databases/postgresql81-server/files 502.pgsql 
    databases/postgresql82-client Makefile 
    databases/postgresql82-server Makefile distinfo 
    databases/postgresql82-server/files 502.pgsql 
    databases/postgresql83-client Makefile 
    databases/postgresql83-server Makefile distinfo 
    databases/postgresql83-server/files 502.pgsql 
  Updates of the PostgreSQL ports
  Updates for all maintained versions of PostgreSQL are available today:
  8.3.3, 8.2.9, 8.1.13, 8.0.17 and 7.4.21.  These releases fix more than
  two dozen minor issues reported and patched over the last few months.
  All PostgreSQL users should plan to update at their earliest
  convenience. People in affected time zones, in particular, should
  upgrade as soon as possible.
  Release Notes:
  Also, fix umask error in periodic script [1].
  PR:             ports/124457 [1]
  Submitted by:   Alexandre Perrin
  Revision  Changes    Path
  1.7       +0 -1      ports/databases/postgresql74-client/Makefile
  1.157     +2 -3      ports/databases/postgresql74-server/Makefile
  1.51      +3 -3      ports/databases/postgresql74-server/distinfo
  1.8       +4 -4      ports/databases/postgresql74-server/files/502.pgsql
  1.8       +0 -1      ports/databases/postgresql80-client/Makefile
  1.174     +6 -13     ports/databases/postgresql80-server/Makefile
  1.63      +6 -6      ports/databases/postgresql80-server/distinfo
  1.8       +4 -4      ports/databases/postgresql80-server/files/502.pgsql
  1.13      +3 -0      ports/databases/postgresql80-server/pkg-plist-server
  1.7       +0 -1      ports/databases/postgresql81-client/Makefile
  1.177     +6 -13     ports/databases/postgresql81-server/Makefile
  1.61      +3 -3      ports/databases/postgresql81-server/distinfo
  1.8       +4 -4      ports/databases/postgresql81-server/files/502.pgsql
  1.13      +3 -0      ports/databases/postgresql81-server/pkg-plist-server
  1.8       +0 -1      ports/databases/postgresql82-client/Makefile
  1.178     +1 -2      ports/databases/postgresql82-server/Makefile
  1.59      +3 -3      ports/databases/postgresql82-server/distinfo
  1.9       +4 -4      ports/databases/postgresql82-server/files/502.pgsql
  1.13      +3 -0      ports/databases/postgresql82-server/pkg-plist-server
  1.4       +0 -1      ports/databases/postgresql83-client/Makefile
  1.186     +2 -3      ports/databases/postgresql83-server/Makefile
  1.66      +6 -6      ports/databases/postgresql83-server/distinfo
  1.9       +4 -4      ports/databases/postgresql83-server/files/502.pgsql
  1.18      +3 -0      ports/databases/postgresql83-server/pkg-plist-server
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Palle Girgensohn freebsd_committer 2008-06-19 14:04:23 UTC
State Changed
From-To: open->closed

Committed. Thanks!