Prevent pg_resetxlog from being run as root. If this is allowed, some

root-owned files will be written to the data directory, leaving it in an
unusable state.

diff --git a/src/bin/pg_resetxlog/pg_resetxlog.c b/src/bin/pg_resetxlog/pg_resetxlog.c
index 720c28f1262f3cf1198d2006110e18a7deab7c2d..e3ff074c66491486dbf04abf92729915c3332129 100644 (file)
--- a/src/bin/pg_resetxlog/pg_resetxlog.c
+++ b/src/bin/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.25 2004/11/17 21:37:47 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.26 2004/12/14 01:59:41 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -176,6 +176,25 @@ main(int argc, char *argv[])
        exit(1);
    }
 
+   /*
+    * Don't allow pg_resetxlog to be run as root, to avoid
+    * overwriting the ownership of files in the data directory. We
+    * need only check for root -- any other user won't have
+    * sufficient permissions to modify files in the data directory.
+    */
+#ifndef WIN32
+#ifndef __BEOS__               /* no root check on BeOS */
+   if (geteuid() == 0)
+   {
+       fprintf(stderr, _("%s: cannot be executed by \"root\"\n"),
+               progname);
+       fprintf(stderr, _("You must run %s as the PostgreSQL superuser.\n"),
+               progname);
+       exit(1);
+   }
+#endif
+#endif
+
    DataDir = argv[optind];
    snprintf(XLogDir, MAXPGPATH, "%s/pg_xlog", DataDir);
    snprintf(ControlFilePath, MAXPGPATH, "%s/global/pg_control", DataDir);