* [pmg-devel] [PATCH pmg-api v2] utils: postgres_admin_cmd chdir to / before running
@ 2021-12-01 18:08 Stoiko Ivanov
2022-02-03 11:35 ` [pmg-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Stoiko Ivanov @ 2021-12-01 18:08 UTC (permalink / raw)
To: pmg-devel
postgres_admin_cmd switches user to the postgres user.
When running a cli command in `/root` (or any other directory not
accessible by the postgres user) this causes:
`could not change directory to "/root": Permission denied`
to be printed multiple times on stderr for those invocations, which is
confusing and has caused quite a few support requests.
modifying the postgres_admin_cmd invocation only should not cause any
future surprises
quickly tested with `pmgconfig sync`
Reported-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
v1->v2:
* changed to only cd'ing for the problematic postgres_admin_cmd, after
a chat with Thomas - huge thanks!
src/PMG/Utils.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index 4eebfa5..52701a3 100644
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -2,6 +2,7 @@ package PMG::Utils;
use strict;
use warnings;
+use Cwd;
use DBI;
use Net::Cmd;
use Net::SMTP;
@@ -1383,6 +1384,10 @@ sub postgres_admin_cmd {
my $save_uid = POSIX::getuid();
my $pg_uid = getpwnam('postgres') || die "getpwnam postgres failed\n";
+ #cd to / to prevent warnings on EPERM (e.g. when running in /root)
+ my $cwd = getcwd() || die "getcwd failed\n";
+ ($cwd) = ($cwd =~ m|^(/.*)$|); #untaint
+ chdir('/') || die "could not chdir to '/'\n";
PVE::Tools::setresuid(-1, $pg_uid, -1) ||
die "setresuid postgres ($pg_uid) failed - $!\n";
@@ -1390,6 +1395,8 @@ sub postgres_admin_cmd {
PVE::Tools::setresuid(-1, $save_uid, -1) ||
die "setresuid back failed - $!\n";
+
+ chdir("$cwd") || die "could not chdir back to $cwd\n";
}
sub get_pg_server_version {
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pmg-devel] applied: [PATCH pmg-api v2] utils: postgres_admin_cmd chdir to / before running
2021-12-01 18:08 [pmg-devel] [PATCH pmg-api v2] utils: postgres_admin_cmd chdir to / before running Stoiko Ivanov
@ 2022-02-03 11:35 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2022-02-03 11:35 UTC (permalink / raw)
To: Stoiko Ivanov, pmg-devel
On 01.12.21 19:08, Stoiko Ivanov wrote:
> postgres_admin_cmd switches user to the postgres user.
>
> When running a cli command in `/root` (or any other directory not
> accessible by the postgres user) this causes:
>
> `could not change directory to "/root": Permission denied`
>
> to be printed multiple times on stderr for those invocations, which is
> confusing and has caused quite a few support requests.
>
> modifying the postgres_admin_cmd invocation only should not cause any
> future surprises
>
> quickly tested with `pmgconfig sync`
>
> Reported-by: Oguz Bektas <o.bektas@proxmox.com>
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> v1->v2:
> * changed to only cd'ing for the problematic postgres_admin_cmd, after
> a chat with Thomas - huge thanks!
>
> src/PMG/Utils.pm | 7 +++++++
> 1 file changed, 7 insertions(+)
>
>
applied, thanks! Added $! to the error messages in a followup so that the
user/we gets more context wrt. the error.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-03 11:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-01 18:08 [pmg-devel] [PATCH pmg-api v2] utils: postgres_admin_cmd chdir to / before running Stoiko Ivanov
2022-02-03 11:35 ` [pmg-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal