From 0574279ccbbcbea4d657aabefd4a1f6e4ae56b70 Mon Sep 17 00:00:00 2001
From: Ian Barwick <ian@2ndquadrant.com>
Date: Fri, 18 Oct 2019 16:45:46 +0900
Subject: [PATCH] Ensure postgresql.auto.conf is created with correct
 permissions

---
 configfile.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configfile.c b/configfile.c
index 4c10f726..453bbaa9 100644
--- a/configfile.c
+++ b/configfile.c
@@ -1882,6 +1882,8 @@ modify_auto_conf(const char *data_dir, KeyValueList *items)
 	PQExpBufferData auto_conf_contents;
 
 	FILE	   *fp;
+	mode_t		um;
+
 	KeyValueList config = {NULL, NULL};
 	KeyValueListCell *cell = NULL;
 
@@ -1937,7 +1939,11 @@ modify_auto_conf(const char *data_dir, KeyValueList *items)
 						  cell->key, cell->value);
 	}
 
+	/* Set umask to 0600 */
+	um = umask((~(S_IRUSR | S_IWUSR)) & (S_IRWXG | S_IRWXO));
 	fp = fopen(auto_conf_tmp.data, "w");
+	umask(um);
+
 	if (fp == NULL)
 	{
 		fprintf(stderr, "unable to open \"%s\": %s\n",