Prevent running pg_basebackup as root

michaelpq · michaelpq · commit 7bae0ad9fcb7 · 2020-02-01T18:30:25.000+09:00
Similarly to pg_upgrade, pg_ctl and initdb, a root user is able to use --version and --help, but cannot execute the actual operation to avoid the creation of files with permissions incompatible with the postmaster. This is a behavior change, so not back-patching is done. Author: Ian Barwick Discussion: https://postgr.es/m/CABvVfJVqOdD2neLkYdygdOHvbWz_5K_iWiqY+psMfA=FeAa3qQ@mail.gmail.com
diff --git a/src/bin/pg_basebackup/pg_basebackup.c b/src/bin/pg_basebackup/pg_basebackup.c
@@ -2077,6 +2077,22 @@ main(int argc, char **argv)
 		}
 	}
 
+	/*
+	 * Don't allow pg_basebackup to be run as root, to avoid creating files in
+	 * the data directory with ownership rights incompatible with the
+	 * postmaster.
+	 */
+#ifndef WIN32
+	if (geteuid() == 0)			/* 0 is root's uid */
+	{
+		pg_log_error("cannot be run as root");
+		fprintf(stderr,
+				_("Please log in (using, e.g., \"su\") as the (unprivileged) user that will\n"
+				  "own the server process.\n"));
+		exit(1);
+	}
+#endif
+
 	atexit(cleanup_directories_atexit);
 
 	while ((c = getopt_long(argc, argv, "CD:F:r:RS:T:X:l:nNzZ:d:c:h:p:U:s:wWkvP",
