Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

pg_ctl.c

Blame
    • Tom Lane's avatar
      b203c57b
      Allow "-C variable" and "--describe-config" even to root users. · b203c57b
      Tom Lane authored
      There's no really compelling reason to refuse to do these read-only,
      non-server-starting options as root, and there's at least one good
      reason to allow -C: pg_ctl uses -C to find out the true data directory
      location when pointed at a config-only directory.  On Windows, this is
      done before dropping administrator privileges, which means that pg_ctl
      fails for administrators if and only if a config-only layout is used.
      
      Since the root-privilege check is done so early in startup, it's a bit
      awkward to check for these switches.  Make the somewhat arbitrary
      decision that we'll only skip the root check if -C is the first switch.
      This is not just to make the code a bit simpler: it also guarantees that
      we can't misinterpret a --boot mode switch.  (While AuxiliaryProcessMain
      doesn't currently recognize any such switch, it might have one in the
      future.)  This is no particular problem for pg_ctl, and since the whole
      behavior is undocumented anyhow, it's not a documentation issue either.
      (--describe-config only works as the first switch anyway, so this is
      no restriction for that case either.)
      
      Back-patch to 9.2 where pg_ctl first began to use -C.
      
      MauMau, heavily edited by me
      b203c57b
      History
      Allow "-C variable" and "--describe-config" even to root users.
      Tom Lane authored
      There's no really compelling reason to refuse to do these read-only,
      non-server-starting options as root, and there's at least one good
      reason to allow -C: pg_ctl uses -C to find out the true data directory
      location when pointed at a config-only directory.  On Windows, this is
      done before dropping administrator privileges, which means that pg_ctl
      fails for administrators if and only if a config-only layout is used.
      
      Since the root-privilege check is done so early in startup, it's a bit
      awkward to check for these switches.  Make the somewhat arbitrary
      decision that we'll only skip the root check if -C is the first switch.
      This is not just to make the code a bit simpler: it also guarantees that
      we can't misinterpret a --boot mode switch.  (While AuxiliaryProcessMain
      doesn't currently recognize any such switch, it might have one in the
      future.)  This is no particular problem for pg_ctl, and since the whole
      behavior is undocumented anyhow, it's not a documentation issue either.
      (--describe-config only works as the first switch anyway, so this is
      no restriction for that case either.)
      
      Back-patch to 9.2 where pg_ctl first began to use -C.
      
      MauMau, heavily edited by me
    pg_ctl.c 60.43 KiB