> Would it address your concern if we reworded that error message to be
> more clear that the file is going to be ignored? I think that proposal
> would have a better chance of success than this one.
Yes, that would improve it a bit. I already suggested this in my very first message.
To reiterate:
I see three problems:
- A.) Postgres unintuitively continues with a broken configuration
- B.) Postgres does not at least inform the user that the passfile is ignored
- C.) Group permissions are not allowed
And I propose one or more of the following solutions:
- 1. Make the warning clearer by stating that passfile is ignored (B)
- 2. Change the warning to be an error (A,B)
- 3. Allow group permissions (C)
- 4. Just warn, don't ignore (A,B,C)
Option 4 is the easiest and the patch I submitted but does not seem to be well received
Option 1 is the bare minimum IMO - it's still not great though
I'd like to see options 2 & 3 (same behavior as SSH)
On Sat, Sep 6, 2025 at 9:52 AM Paul Ohlhauser
<bendix.ohlhauser@gmail.com> wrote:
> My point is not that the user is not happy, that they have to change permissions.
> It is that the user would rather get a clear error message than to get two separate messages (warning that doesn't mention "ignore" and authentication error) they need to connect to understand what is going on.
Would it address your concern if we reworded that error message to be
more clear that the file is going to be ignored? I think that proposal
would have a better chance of success than this one.
--
Robert Haas
EDB: http://www.enterprisedb.com
