Skip to content

Set data directory group permissions during bootstrap #4274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 10, 2025
Merged

Set data directory group permissions during bootstrap #4274

merged 1 commit into from
Sep 10, 2025

Conversation

@cbandy
Copy link
Member

@cbandy cbandy commented Sep 8, 2025
edited
Loading

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • Bug fix

What is the current behavior (link to any open issues here)?

Immediately after bootstrap, the data directory lacks group permissions when the storage provider ignores fsGroup. These are usually local-only providers for minkube and similar.

What is the new behavior (if this is a feature change)?

Bootstrap includes group permissions on development storage.

Other Information:

One workaround is to restart the pod. The startup container resets group permissions correctly.

Issue: PGO-300
See: c7842e7

@cbandy
Set data directory group permissions during bootstrap
37e11d6 
Immediately after bootstrap, the data directory lacks group permissions
when the storage provider ignores fsGroup. The startup container resets
group permissions correctly, so pod restart works around this.

Issue: PGO-300
See: c7842e7
benjaminjb
benjaminjb reviewed Sep 9, 2025
View reviewed changes
Copy link
Contributor

@benjaminjb benjaminjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this right: we would expect fsGroup to set group permissions, but in some envs, that doesn't happen correctly; and we can work around that by having initdb set the perms using this flag?

@cbandy
Copy link
Member Author

cbandy commented Sep 9, 2025

Is this right: we would expect fsGroup to set group permissions, but in some envs, that doesn't happen correctly; and we can work around that by having initdb set the perms using this flag?

Yes, and it aligns with our intent in other places to actively set, enable, or activate group access.

🤔 It seems to me atm: if a tool has a setting for group permission on the filesystem, we should set it.

@cbandy cbandy merged commit 406e069 into CrunchyData:main Sep 10, 2025
17 checks passed
@cbandy cbandy deleted the pgdata-permissions branch September 10, 2025 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benjaminjb benjaminjb benjaminjb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cbandy @benjaminjb