HexaCluster/pgdsat

Data checksum check shows success when unable to scan the data directory due to permission issues

Closed this issue · 1 comments

Ran the report as the ubuntu OS user, which does not have permission to scan PGDATA.

ubuntu@ip-172-31-83-76:~$ export PGPASSWORD=secret
ubuntu@ip-172-31-83-76:~$ export PATH=$PATH:/usr/lib/postgresql/16/bin
ubuntu@ip-172-31-83-76:~$ pgdsat -U postgres -h localhost -d mani -p 5432 -D /var/lib/postgresql/16/main -f text -o report_ubuntu.html
cat: /var/lib/postgresql/16/main/PG_VERSION: Permission denied
ls: cannot access '/var/lib/postgresql/16/main/pg_wal': Permission denied
ls: cannot open directory '/var/lib/postgresql/16/main': Permission denied
ls: cannot open directory '/var/lib/postgresql/16/main/': Permission denied

Output

ubuntu@ip-172-31-83-76:~$ cat report_ubuntu.html | egrep -i "checksum"
1.3.3 - Ensure Data Cluster have checksum enabled => SUCCESS
        # 1.3.3 - Ensure Data Cluster have checksum enabled
        When checksum are not enabled, silent data corruption can not be detected by PostgreSQL. Verify that they are enabled. (*)
        DATA: ignore_checksum_failure|off

When performing the data checksums check using psql as the ubuntu OS user, we can see the following result.

$ psql -h localhost -U postgres -d postgres -p 5432 -c "select name, setting from pg_settings where name IN ('data_checksums')"
      name      | setting 
----------------+---------
 data_checksums | off
(1 row)

Commit dc8343f fixes this issue
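
A fail-closed shape for the check reported above, as an added example; it is not pgdsat's code and not the change made in commit dc8343f. It reads `data_checksums` itself, falls back to `pg_controldata` only when PGDATA is readable, and reports UNKNOWN rather than SUCCESS when neither source answers. The function names and the UNKNOWN verdict are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not pgdsat code. Function names and the UNKNOWN
# verdict are assumptions made for illustration.

# Map the server's answer to "SHOW data_checksums" to a verdict.
verdict_from_setting() {
    case "$1" in
        on)  echo SUCCESS ;;
        off) echo FAILURE ;;
        *)   echo UNKNOWN ;;   # empty or unexpected value proves nothing
    esac
}

# Map pg_controldata output (read on stdin) to a verdict.
# "Data page checksum version: 0" means checksums are disabled.
verdict_from_controldata() {
    local ver
    ver=$(awk -F: '/^Data page checksum version/ { gsub(/[ \t]/, "", $2); print $2 }')
    case "$ver" in
        "") echo UNKNOWN ;;    # line missing: the tool could not read PGDATA
        0)  echo FAILURE ;;
        *)  echo SUCCESS ;;
    esac
}

# Check 1.3.3: ask the server first, fall back to the control file,
# and never report SUCCESS without positive evidence.
# Usage: check_data_checksums PGDATA [psql connection options...]
check_data_checksums() {
    local pgdata=$1; shift
    local setting verdict
    setting=$(psql -X -At "$@" -c "SHOW data_checksums" 2>/dev/null) || setting=""
    verdict=$(verdict_from_setting "$setting")
    if [ "$verdict" = UNKNOWN ] && [ -r "$pgdata/global/pg_control" ]; then
        verdict=$(pg_controldata "$pgdata" 2>/dev/null | verdict_from_controldata)
    fi
    echo "1.3.3 - Ensure Data Cluster have checksum enabled => $verdict"
    [ "$verdict" = SUCCESS ]
}
```

With the inputs from this report (`data_checksums` is `off`, PGDATA unreadable by the ubuntu user), `check_data_checksums /var/lib/postgresql/16/main -h localhost -U postgres -d mani -p 5432` prints FAILURE and returns non-zero.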