From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2] utils: postgres_admin_cmd chdir to / before running
Date: Wed, 1 Dec 2021 19:08:26 +0100 [thread overview]
Message-ID: <20211201180826.68298-1-s.ivanov@proxmox.com> (raw)
postgres_admin_cmd switches user to the postgres user.
When running a cli command in `/root` (or any other directory not
accessible by the postgres user) this causes:
`could not change directory to "/root": Permission denied`
to be printed multiple times on stderr for those invocations, which is
confusing and has caused quite a few support requests.
modifying the postgres_admin_cmd invocation only should not cause any
future surprises
quickly tested with `pmgconfig sync`
Reported-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
v1->v2:
* changed to only cd'ing for the problematic postgres_admin_cmd, after
a chat with Thomas - huge thanks!
src/PMG/Utils.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index 4eebfa5..52701a3 100644
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -2,6 +2,7 @@ package PMG::Utils;
use strict;
use warnings;
+use Cwd;
use DBI;
use Net::Cmd;
use Net::SMTP;
@@ -1383,6 +1384,10 @@ sub postgres_admin_cmd {
my $save_uid = POSIX::getuid();
my $pg_uid = getpwnam('postgres') || die "getpwnam postgres failed\n";
+ #cd to / to prevent warnings on EPERM (e.g. when running in /root)
+ my $cwd = getcwd() || die "getcwd failed\n";
+ ($cwd) = ($cwd =~ m|^(/.*)$|); #untaint
+ chdir('/') || die "could not chdir to '/'\n";
PVE::Tools::setresuid(-1, $pg_uid, -1) ||
die "setresuid postgres ($pg_uid) failed - $!\n";
@@ -1390,6 +1395,8 @@ sub postgres_admin_cmd {
PVE::Tools::setresuid(-1, $save_uid, -1) ||
die "setresuid back failed - $!\n";
+
+ chdir("$cwd") || die "could not chdir back to $cwd\n";
}
sub get_pg_server_version {
--
2.30.2
next reply other threads:[~2021-12-01 18:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 18:08 Stoiko Ivanov [this message]
2022-02-03 11:35 ` [pmg-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211201180826.68298-1-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.