Prevent pg_resetxlog from being run as root. If this is allowed, some

root-owned files will be written to the data directory, leaving it in an
unusable state.

diff --git a/src/bin/pg_resetxlog/pg_resetxlog.c b/src/bin/pg_resetxlog/pg_resetxlog.c
index 720c28f1262f3cf1198d2006110e18a7deab7c2d..e3ff074c66491486dbf04abf92729915c3332129 100644 (file)
--- a/src/bin/pg_resetxlog/pg_resetxlog.c
+++ b/src/bin/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1996-2004, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.25 2004/11/17 21:37:47 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_resetxlog/pg_resetxlog.c,v 1.26 2004/12/14 01:59:41 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -176,6 +176,25 @@ main(int argc, char *argv[])
                exit(1);
        }
 
+       /*
+        * Don't allow pg_resetxlog to be run as root, to avoid
+        * overwriting the ownership of files in the data directory. We
+        * need only check for root -- any other user won't have
+        * sufficient permissions to modify files in the data directory.
+        */
+#ifndef WIN32
+#ifndef __BEOS__                               /* no root check on BeOS */
+       if (geteuid() == 0)
+       {
+               fprintf(stderr, _("%s: cannot be executed by \"root\"\n"),
+                               progname);
+               fprintf(stderr, _("You must run %s as the PostgreSQL superuser.\n"),
+                               progname);
+               exit(1);
+       }
+#endif
+#endif
+
        DataDir = argv[optind];
        snprintf(XLogDir, MAXPGPATH, "%s/pg_xlog", DataDir);
        snprintf(ControlFilePath, MAXPGPATH, "%s/global/pg_control", DataDir);