Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
P
Postgres FD Implementation
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Abuhujair Javed
Postgres FD Implementation
Commits
d1bfa6c7
Commit
d1bfa6c7
authored
Nov 01, 2000
by
Peter Eisentraut
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add runtime configuration options to control permission bits and group
owner of unix socket.
parent
855ffa0b
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
135 additions
and
9 deletions
+135
-9
doc/src/sgml/runtime.sgml
doc/src/sgml/runtime.sgml
+52
-1
src/backend/libpq/pqcomm.c
src/backend/libpq/pqcomm.c
+62
-2
src/backend/postmaster/postmaster.c
src/backend/postmaster/postmaster.c
+3
-3
src/backend/utils/misc/guc.c
src/backend/utils/misc/guc.c
+9
-2
src/include/libpq/pqcomm.h
src/include/libpq/pqcomm.h
+9
-1
No files found.
doc/src/sgml/runtime.sgml
View file @
d1bfa6c7
<!--
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.3
0 2000/10/20 14:00:49 thomas
Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.3
1 2000/11/01 21:14:00 petere
Exp $
-->
-->
<Chapter Id="runtime">
<Chapter Id="runtime">
...
@@ -1031,6 +1031,57 @@ env PGOPTIONS='--geqo=off' psql
...
@@ -1031,6 +1031,57 @@ env PGOPTIONS='--geqo=off' psql
</para>
</para>
</listitem>
</listitem>
</varlistentry>
</varlistentry>
<varlistentry>
<term>UNIX_SOCKET_GROUP (<type>string</type>)</term>
<listitem>
<para>
Sets the group owner of the Unix domain socket. (The owning
user of the socket is always the user that starts the
postmaster.) In combination with the option
<option>UNIX_SOCKET_PERMISSIONS</option> this can be used as
an additional access control mechanism for this socket type.
By default this is the empty string, which uses the default
group for the current user. This option can only be set at
server start.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>UNIX_SOCKET_PERMISSIONS (<type>integer</type>)</term>
<listitem>
<para>
Sets the access permissions of the Unix domain socket. Unix
domain sockets use the usual Unix file system permission set.
The option value is expected to be an numeric mode
specification in the form accepted by the
<function>chmod</function> and <function>umask</function>
system calls. (To use the customary octal format the number
must start with a <literal>0</literal> (zero).)
</para>
<para>
The default permissions are <literal>0777</literal>, meaning
anyone can connect. Reasonable alternatives would be
<literal>0770</literal> (only user and group, see also under
<option>UNIX_SOCKET_GROUP</option>) and
<literal>0700</literal> (only user). (Note that actually for
a Unix socket, only write permission matters and there is no
point in setting or revoking read or execute permissions.)
</para>
<para>
This access control mechanism is independent from the one
described in <xref linkend="client-authentication">.
</para>
<para>
This option can only be set at server start.
</para>
</listitem>
</varlistentry>
</variablelist>
</variablelist>
</para>
</para>
</sect2>
</sect2>
...
...
src/backend/libpq/pqcomm.c
View file @
d1bfa6c7
...
@@ -29,7 +29,7 @@
...
@@ -29,7 +29,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
* Portions Copyright (c) 1994, Regents of the University of California
*
*
* $Id: pqcomm.c,v 1.10
8 2000/10/23 14:48:50 momjian
Exp $
* $Id: pqcomm.c,v 1.10
9 2000/11/01 21:14:01 petere
Exp $
*
*
*-------------------------------------------------------------------------
*-------------------------------------------------------------------------
*/
*/
...
@@ -63,6 +63,7 @@
...
@@ -63,6 +63,7 @@
#include <signal.h>
#include <signal.h>
#include <errno.h>
#include <errno.h>
#include <fcntl.h>
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/stat.h>
...
@@ -84,6 +85,13 @@
...
@@ -84,6 +85,13 @@
#endif
#endif
/*
* Configuration options
*/
int
Unix_socket_permissions
;
char
*
Unix_socket_group
;
/*
/*
* Buffers for low-level I/O
* Buffers for low-level I/O
*/
*/
...
@@ -295,8 +303,60 @@ StreamServerPort(int family, unsigned short portName, int *fdP)
...
@@ -295,8 +303,60 @@ StreamServerPort(int family, unsigned short portName, int *fdP)
*/
*/
*
fdP
=
fd
;
*
fdP
=
fd
;
if
(
family
==
AF_UNIX
)
if
(
family
==
AF_UNIX
)
chmod
(
sock_path
,
0777
);
{
Assert
(
Unix_socket_group
);
if
(
Unix_socket_group
[
0
]
!=
'\0'
)
{
char
*
endptr
;
unsigned
long
int
val
;
gid_t
gid
;
val
=
strtoul
(
Unix_socket_group
,
&
endptr
,
10
);
if
(
*
endptr
==
'\0'
)
{
/* numeric group id */
gid
=
val
;
}
else
{
/* convert group name to id */
struct
group
*
gr
;
gr
=
getgrnam
(
Unix_socket_group
);
if
(
!
gr
)
{
snprintf
(
PQerrormsg
,
PQERRORMSG_LENGTH
,
"FATAL: no such group '%s'
\n
"
,
Unix_socket_group
);
fputs
(
PQerrormsg
,
stderr
);
pqdebug
(
"%s"
,
PQerrormsg
);
return
STATUS_ERROR
;
}
gid
=
gr
->
gr_gid
;
}
if
(
chown
(
sock_path
,
-
1
,
gid
)
==
-
1
)
{
snprintf
(
PQerrormsg
,
PQERRORMSG_LENGTH
,
"FATAL: could not set group of %s: %s
\n
"
,
sock_path
,
strerror
(
errno
));
fputs
(
PQerrormsg
,
stderr
);
pqdebug
(
"%s"
,
PQerrormsg
);
return
STATUS_ERROR
;
}
}
if
(
chmod
(
sock_path
,
Unix_socket_permissions
)
==
-
1
)
{
snprintf
(
PQerrormsg
,
PQERRORMSG_LENGTH
,
"FATAL: could not set permissions on %s: %s
\n
"
,
sock_path
,
strerror
(
errno
));
fputs
(
PQerrormsg
,
stderr
);
pqdebug
(
"%s"
,
PQerrormsg
);
return
STATUS_ERROR
;
}
}
return
STATUS_OK
;
return
STATUS_OK
;
}
}
...
...
src/backend/postmaster/postmaster.c
View file @
d1bfa6c7
...
@@ -11,7 +11,7 @@
...
@@ -11,7 +11,7 @@
*
*
*
*
* IDENTIFICATION
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.17
6 2000/10/28 18:27:55 momjian
Exp $
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.17
7 2000/11/01 21:14:02 petere
Exp $
*
*
* NOTES
* NOTES
*
*
...
@@ -588,7 +588,7 @@ PostmasterMain(int argc, char *argv[])
...
@@ -588,7 +588,7 @@ PostmasterMain(int argc, char *argv[])
{
{
fprintf
(
stderr
,
"%s: cannot create INET stream port
\n
"
,
fprintf
(
stderr
,
"%s: cannot create INET stream port
\n
"
,
progname
);
progname
);
exit
(
1
);
ExitPostmaster
(
1
);
}
}
}
}
...
@@ -598,7 +598,7 @@ PostmasterMain(int argc, char *argv[])
...
@@ -598,7 +598,7 @@ PostmasterMain(int argc, char *argv[])
{
{
fprintf
(
stderr
,
"%s: cannot create UNIX stream port
\n
"
,
fprintf
(
stderr
,
"%s: cannot create UNIX stream port
\n
"
,
progname
);
progname
);
exit
(
1
);
ExitPostmaster
(
1
);
}
}
#endif
#endif
/* set up shared memory and semaphores */
/* set up shared memory and semaphores */
...
...
src/backend/utils/misc/guc.c
View file @
d1bfa6c7
...
@@ -4,7 +4,7 @@
...
@@ -4,7 +4,7 @@
* Support for grand unified configuration scheme, including SET
* Support for grand unified configuration scheme, including SET
* command, configuration file, and command line options.
* command, configuration file, and command line options.
*
*
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.1
4 2000/10/11 17:58:01 momjian
Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.1
5 2000/11/01 21:14:03 petere
Exp $
*
*
* Copyright 2000 by PostgreSQL Global Development Group
* Copyright 2000 by PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
* Written by Peter Eisentraut <peter_e@gmx.net>.
...
@@ -22,6 +22,7 @@
...
@@ -22,6 +22,7 @@
#include "commands/async.h"
#include "commands/async.h"
#include "libpq/auth.h"
#include "libpq/auth.h"
#include "libpq/pqcomm.h"
#include "miscadmin.h"
#include "miscadmin.h"
#include "optimizer/cost.h"
#include "optimizer/cost.h"
#include "optimizer/geqo.h"
#include "optimizer/geqo.h"
...
@@ -253,6 +254,9 @@ ConfigureNamesInt[] =
...
@@ -253,6 +254,9 @@ ConfigureNamesInt[] =
{
"max_expr_depth"
,
PGC_USERSET
,
&
max_expr_depth
,
{
"max_expr_depth"
,
PGC_USERSET
,
&
max_expr_depth
,
DEFAULT_MAX_EXPR_DEPTH
,
10
,
INT_MAX
},
DEFAULT_MAX_EXPR_DEPTH
,
10
,
INT_MAX
},
{
"unix_socket_permissions"
,
PGC_POSTMASTER
,
&
Unix_socket_permissions
,
0777
,
0000
,
0777
},
{
NULL
,
0
,
NULL
,
0
,
0
,
0
}
{
NULL
,
0
,
NULL
,
0
,
0
,
0
}
};
};
...
@@ -281,9 +285,12 @@ ConfigureNamesReal[] =
...
@@ -281,9 +285,12 @@ ConfigureNamesReal[] =
static
struct
config_string
static
struct
config_string
ConfigureNamesString
[]
=
ConfigureNamesString
[]
=
{
{
{
"krb_server_keyfile"
,
PGC_
USERSET
,
&
pg_krb_server_keyfile
,
{
"krb_server_keyfile"
,
PGC_
POSTMASTER
,
&
pg_krb_server_keyfile
,
PG_KRB_SRVTAB
,
NULL
},
PG_KRB_SRVTAB
,
NULL
},
{
"unix_socket_group"
,
PGC_POSTMASTER
,
&
Unix_socket_group
,
""
,
NULL
},
{
NULL
,
0
,
NULL
,
NULL
,
NULL
}
{
NULL
,
0
,
NULL
,
NULL
,
NULL
}
};
};
...
...
src/include/libpq/pqcomm.h
View file @
d1bfa6c7
...
@@ -9,7 +9,7 @@
...
@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
* Portions Copyright (c) 1994, Regents of the University of California
*
*
* $Id: pqcomm.h,v 1.4
2 2000/09/27 15:17:56
petere Exp $
* $Id: pqcomm.h,v 1.4
3 2000/11/01 21:14:03
petere Exp $
*
*
*-------------------------------------------------------------------------
*-------------------------------------------------------------------------
*/
*/
...
@@ -169,4 +169,12 @@ typedef struct CancelRequestPacket
...
@@ -169,4 +169,12 @@ typedef struct CancelRequestPacket
*/
*/
#define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679)
#define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679)
/*
* Configuration options
*/
extern
int
Unix_socket_permissions
;
extern
char
*
Unix_socket_group
;
#endif
/* PQCOMM_H */
#endif
/* PQCOMM_H */
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment