Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1010291: postgresql-common: Does /var/log/postgresql really need chmod +t?
77 views
Skip to first unread message
Ross Vandegrift
Apr 27, 2022, 7:30:03 PM4/27/22
to
Package: postgresql-common
Version: 240
Severity: minor
Hello,
/var/log/postgresql has the sticky bit set, starting I think with
bullseye:
# ls -lad /var/log/postgresql/
drwxrwxr-t 2 root postgres 4096 Apr 27 23:11 /var/log/postgresql/
This causes some pain with file-based backups. In particular, `rsync -a
--inplace` is affected. Since the dir is sticky, rsync makes the backup
dir sticky. But since the files are not owned by root on the backup
target, even root will be prevented from overwriting them. A more
careful explanation can be found at [1].
Is the sticky bit really necessary here? I've worked around this with
dpkg-statoverride, but I don't understand why this dir is +t anyhow.
Thanks,
Ross
[1] https://superuser.com/questions/1708317/rsync-permissions-errors-at-destination-even-though-root-possibly-due-to-sticky
-- System Information:
Debian Release: 11.3
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable'), (40, 'unstable'), (30, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.16.0 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages postgresql-common depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii libjson-perl 4.03000-1
ii lsb-base 11.1.0
ii perl 5.32.1-4+deb11u2
pn postgresql-client-common <none>
ii ssl-cert 1.1.0+nmu1
ii ucf 3.0043
Versions of packages postgresql-common recommends:
ii e2fsprogs 1.46.2-2
ii logrotate 3.18.0-2
Versions of packages postgresql-common suggests:
ii libjson-perl 4.03000-1
Version: 240
Severity: minor
Hello,
/var/log/postgresql has the sticky bit set, starting I think with
bullseye:
# ls -lad /var/log/postgresql/
drwxrwxr-t 2 root postgres 4096 Apr 27 23:11 /var/log/postgresql/
This causes some pain with file-based backups. In particular, `rsync -a
--inplace` is affected. Since the dir is sticky, rsync makes the backup
dir sticky. But since the files are not owned by root on the backup
target, even root will be prevented from overwriting them. A more
careful explanation can be found at [1].
Is the sticky bit really necessary here? I've worked around this with
dpkg-statoverride, but I don't understand why this dir is +t anyhow.
Thanks,
Ross
[1] https://superuser.com/questions/1708317/rsync-permissions-errors-at-destination-even-though-root-possibly-due-to-sticky
-- System Information:
Debian Release: 11.3
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable'), (40, 'unstable'), (30, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.16.0 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages postgresql-common depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii libjson-perl 4.03000-1
ii lsb-base 11.1.0
ii perl 5.32.1-4+deb11u2
pn postgresql-client-common <none>
ii ssl-cert 1.1.0+nmu1
ii ucf 3.0043
Versions of packages postgresql-common recommends:
ii e2fsprogs 1.46.2-2
ii logrotate 3.18.0-2
Versions of packages postgresql-common suggests:
ii libjson-perl 4.03000-1
Ross Vandegrift
Jun 26, 2023, 1:10:05 AM6/26/23
to
Package: postgresql-common
Version: 248
Followup-For: Bug #1010291
X-Debbugs-Cc: rvand...@debian.org
Control: tags -1 patch
After upgrading to bookworm, I was reminded of this bug when
/var/log/postgresql's sticky bit re-appeared. So I dug a bit more.
postgresql-common's postinst unconditionally changes owners and modes on
/var/log/postgresql. The patch below makes it respect dpkg-statoverride.
Thanks,
Ross
diff --git a/debian/postgresql-common.postinst b/debian/postgresql-common.postinst
old mode 100644
new mode 100755
index 545146a..638c8b8
--- a/debian/postgresql-common.postinst
+++ b/debian/postgresql-common.postinst
@@ -65,8 +65,10 @@ Please fix this and reinstall this package." >&2
# nicer log directory permissions
mkdir -p /var/log/postgresql
- chmod 1775 /var/log/postgresql
- chown root:postgres /var/log/postgresql
+ if ! dpkg-statoverride --list /var/log/postgresl > /dev/null; then
+ chmod "$LOG_MODE" /var/log/postgresql
+ chown root:postgres /var/log/postgresql
+ fi
# create socket directory
[ -d /var/run/postgresql ] || \
Version: 248
Followup-For: Bug #1010291
X-Debbugs-Cc: rvand...@debian.org
Control: tags -1 patch
After upgrading to bookworm, I was reminded of this bug when
/var/log/postgresql's sticky bit re-appeared. So I dug a bit more.
postgresql-common's postinst unconditionally changes owners and modes on
/var/log/postgresql. The patch below makes it respect dpkg-statoverride.
Thanks,
Ross
diff --git a/debian/postgresql-common.postinst b/debian/postgresql-common.postinst
old mode 100644
new mode 100755
index 545146a..638c8b8
--- a/debian/postgresql-common.postinst
+++ b/debian/postgresql-common.postinst
@@ -65,8 +65,10 @@ Please fix this and reinstall this package." >&2
# nicer log directory permissions
mkdir -p /var/log/postgresql
- chmod 1775 /var/log/postgresql
- chown root:postgres /var/log/postgresql
+ if ! dpkg-statoverride --list /var/log/postgresl > /dev/null; then
+ chmod "$LOG_MODE" /var/log/postgresql
+ chown root:postgres /var/log/postgresql
+ fi
# create socket directory
[ -d /var/run/postgresql ] || \
0 new messages