nixos/postgresqlBackup: set to umask to 0077 #49840
Conversation
* Ensure that the backup file is only readable by the owner * Add file permission test to tests
|
@GrahamcOfBorg test postgresql |
|
Success on aarch64-linux Attempted: tests.postgresql No partial log is available. |
|
Success on x86_64-linux Attempted: tests.postgresql No partial log is available. |
|
I can't get it to work with the systemd UMask setting. If I set |
|
@markuskowa I realize my mistake: UMask is being applied to both the preStart and the script code being executed. /var/backup doesn't exist so the UMask is being applied to that folder as root and hence unreadable by postgres in the script block of your code, hence the permission denied error. I was incorrect about using the systemd UMask here and what you were doing was perfectly correct. Sorry for that. Great patch, and given the security aspect this should definitely get back ported to 18.09 as well. Just need to find someone to merge now. |
|
Backported: [release-18.09 4c72d0c] nixos/postgresqlBackup: set to umask to 0077 |
|
Thanks for the clarification! That makes perfect sense now. It is rather subtle how umask is applied here. The systemd man pages are not very clear in that respect. |
Motivation for this change
The backup file now is world readable (0644). The
mkdirin the service file creates the backup directory with mode 0700. However, if the directory already exists the permissions are not changed andthe backup file is exposed. Setting the umask during creation of the dump to 0077 ensures
that the backup itself is not exposed and existing settings are not changed (i.e. the directory permissions).
This patch also needs a backport to 18.09
Things done
nixos/tests/postgresql.nixsandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)nix path-info -Sbefore and after)