From 3405f2b92532cb9559aed1316b3df2262aaadaef Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Mon, 31 Mar 2008 02:43:14 +0000
Subject: Use error message wordings for permissions checks on .pgpass and SSL
 private key files that are similar to the one for the postmaster's data
 directory permissions check.  (I chose to standardize on that one since it's
 the most heavily used and presumably best-wordsmithed by now.)  Also
 eliminate explicit tests on file ownership in these places, since the ensuing
 read attempt must fail anyway if it's wrong, and there seems no value in
 issuing the same error message for distinct problems.  (But I left in the
 explicit ownership test in postmaster.c, since it had its own error message
 anyway.)  Also be more specific in the documentation's descriptions of these
 checks.  Per a gripe from Kevin Hunter.

---
 src/backend/libpq/be-secure.c       | 11 +++++------
 src/backend/postmaster/postmaster.c |  9 ++++++++-
 2 files changed, 13 insertions(+), 7 deletions(-)

(limited to 'src/backend')

diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 923ad6bcb3d..d0369471762 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.83 2008/01/01 19:45:49 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.84 2008/03/31 02:43:14 tgl Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -735,7 +735,7 @@ initialize_SSL(void)
 				  errmsg("could not load server certificate file \"%s\": %s",
 						 SERVER_CERT_FILE, SSLerrmessage())));
 
-		if (stat(SERVER_PRIVATE_KEY_FILE, &buf) == -1)
+		if (stat(SERVER_PRIVATE_KEY_FILE, &buf) != 0)
 			ereport(FATAL,
 					(errcode_for_file_access(),
 					 errmsg("could not access private key file \"%s\": %m",
@@ -750,13 +750,12 @@ initialize_SSL(void)
 		 * directory permission check in postmaster.c)
 		 */
 #if !defined(WIN32) && !defined(__CYGWIN__)
-		if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
-			buf.st_uid != geteuid())
+		if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG | S_IRWXO))
 			ereport(FATAL,
 					(errcode(ERRCODE_CONFIG_FILE_ERROR),
-					 errmsg("unsafe permissions on private key file \"%s\"",
+					 errmsg("private key file \"%s\" has group or world access",
 							SERVER_PRIVATE_KEY_FILE),
-					 errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
+					 errdetail("Permissions should be u=rw (0600) or less.")));
 #endif
 
 		if (!SSL_CTX_use_PrivateKey_file(SSL_context,
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 7a83e075b18..7c6692b2a5d 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.553 2008/03/09 04:56:28 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.554 2008/03/31 02:43:14 tgl Exp $
  *
  * NOTES
  *
@@ -1053,6 +1053,13 @@ checkDataDir(void)
 						DataDir)));
 	}
 
+	/* eventual chdir would fail anyway, but let's test ... */
+	if (!S_ISDIR(stat_buf.st_mode))
+		ereport(FATAL,
+				(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
+				 errmsg("specified data directory \"%s\" is not a directory",
+						DataDir)));
+
 	/*
 	 * Check that the directory belongs to my userid; if not, reject.
 	 *
-- 
cgit v1.2.3