Date: Thu, 27 May 2021 13:03:53 -0500
From: Justin Pryzby
To: Devrim Gündüz
Cc: pgsql-pkg-yum@postgresql.org
Subject: /var/lib/pgsql 0755
Message-ID: <20210527180353.GC2082@telsasoft.com>

Hi,

Postgres requires that the data dir is restricted:

2021-05-27 13:39:44.002 EDT [23409] FATAL: data directory "/var/lib/pgsql/pgsql14.jtp" has invalid permissions
2021-05-27 13:39:44.002 EDT [23409] DETAIL: Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).

But the server package creates /v/l/pgsql as mode 700, and rpm resets the perms
on every installation.

[pryzbyj@database ~]$ rpm -qvl postgresql14-server-14-beta1_3PGDG.rhel7.x86_64 |grep var/lib
drwx------ 2 postgrespostgres 0 May 21 06:18 /var/lib/pgsql
drwx------ 2 postgrespostgres 0 May 21 06:18 /var/lib/pgsql/14
drwx------ 2 postgrespostgres 0 May 21 06:18 /var/lib/pgsql/14/backups
drwx------ 2 postgrespostgres 0 May 21 06:18 /var/lib/pgsql/14/data

That seems unnecessarily restrictive, since I might put something like logs
underneath there, and I'd prefer to be able to look for them, tab complete
them, maybe even look *at* them, depending on log_file_mode, and the
permissions that *I* set on the subdir. I might just want to "ls"/tab complete
to know which version dir to use.

In my deployment script, I go to the effort to set it back to 00755 for
convenience.

Maybe the mode 700 stuff is leftover from old packages which didn't include a
version? Either in the package name or as a subdir.

There's not many base packages which do this:

rpm -qlav |grep '^drwx.*root *root' |grep -v ^drwxr-xr-x |awk -F/ '!/audit|firewall|tmp|lvm/ && NF<5'

Would you consider setting at least /v/l/p to mode 755? And maybe the version
subdirs (like 14) too.

-- 
Justin
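
The trade-off raised in this message, as an added example that is not part of the original e-mail or of the PGDG packaging: a shell check that confirms the data directory still has one of the two modes from the DETAIL line, and lists what other users could reach if the parent directory were 0755. The function names are hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a PostgreSQL data directory and its parent tree.
# Function names are hypothetical; assumes GNU stat and GNU find.

# Print the octal permission bits of a path, e.g. 700 or 755.
mode_of() {
    stat -c '%a' "$1"
}

# Succeed only for the two modes named in the server's DETAIL message.
# Any other value (including setuid/setgid variants such as 2750) fails.
datadir_mode_ok() {
    case "$(mode_of "$1")" in
        700|750) return 0 ;;
        *)       return 1 ;;
    esac
}

# List entries below $1 that grant some access to "other" users.
# Directories that give "other" neither read nor search are pruned:
# nothing beneath them is reachable, whatever the modes of their contents.
# $1 itself is not tested; pass the directory you are considering loosening.
exposed_entries() {
    find "$1" -mindepth 1 \
        \( -type d ! -perm -001 ! -perm -004 -prune \) -o \
        \( ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print \)
}

# Report on one data directory ($1) and the package-owned parent ($2).
audit_pgsql() {
    if datadir_mode_ok "$1"; then
        echo "ok:   $1 has mode $(mode_of "$1")"
    else
        echo "FAIL: $1 has mode $(mode_of "$1"), server will refuse to start"
    fi
    echo "reachable by other users below $2 (mode $(mode_of "$2")):"
    exposed_entries "$2" | sed 's/^/  /'
}

# Example: sh audit.sh /var/lib/pgsql/14/data /var/lib/pgsql
if [ "$#" -eq 2 ]; then
    audit_pgsql "$1" "$2"
fi
```

A data directory left at 0700 is pruned from the listing even when files inside it are world-readable, while a log directory or log file created with looser modes shows up, which is the part that depends on log_file_mode and the subdirectory permissions.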