From: Michael Paquier Date: Sat, 1 Feb 2020 09:30:25 +0000 (+0900) Subject: Prevent running pg_basebackup as root X-Git-Tag: REL_13_BETA1~780 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7bae0ad;p=thirdparty%2Fpostgresql.git Prevent running pg_basebackup as root Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use --version and --help, but cannot execute the actual operation to avoid the creation of files with permissions incompatible with the postmaster. This is a behavior change, so not back-patching is done. Author: Ian Barwick Discussion: https://postgr.es/m/CABvVfJVqOdD2neLkYdygdOHvbWz_5K_iWiqY+psMfA=FeAa3qQ@mail.gmail.com
---
diff --git a/src/bin/pg_basebackup/pg_basebackup.c b/src/bin/pg_basebackup/pg_basebackup.c
index 238b671f7ae..556a0af9160 100644
--- a/src/bin/pg_basebackup/pg_basebackup.c
+++ b/src/bin/pg_basebackup/pg_basebackup.c
@@ -2077,6 +2077,22 @@ main(int argc, char **argv)
 }
 }
 
+ /*
+ * Don't allow pg_basebackup to be run as root, to avoid creating files in
+ * the data directory with ownership rights incompatible with the
+ * postmaster.
+ */
+#ifndef WIN32
+ if (geteuid() == 0) /* 0 is root's uid */
+ {
+ pg_log_error("cannot be run as root");
+ fprintf(stderr,
+ _("Please log in (using, e.g., \"su\") as the (unprivileged) user that will\n"
+ "own the server process.\n"));
+ exit(1);
+ }
+#endif
+
 atexit(cleanup_directories_atexit);
 
 while ((c = getopt_long(argc, argv, "CD:F:r:RS:T:X:l:nNzZ:d:c:h:p:U:s:wWkvP",
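Review bot: The root check sits ahead of the `getopt_long` loop, so it rejects every invocation regardless of the options parsed afterwards, while its comment justifies it only by files in a data directory whose ownership would not match the postmaster. If the tool has a mode that writes an archive rather than a directory a server will later be started on (the `F:` entry in the option string suggests a format switch), that rationale does not hold there, and the check would be better placed after option parsing, for example `if (format == 'p' && geteuid() == 0)`, assuming the parsed format is kept in a variable of that name, which this hunk does not show. The comment would also be more accurate as `* Don't allow pg_basebackup to write a plain-format backup as root, to avoid creating files in the target directory ...`, since the files land in the backup target rather than in an existing data directory. main() starts and ends outside the hunk.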