pg_upgrade and umask

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: pg_upgrade and umask
Date: 2012-03-09 15:10:10
Message-ID: 20120309151010.GA5630@momjian.us
Lists: pgsql-hackers

What do people think of pg_upgrade setting its umask to 0077 so the log
and SQL files are only readable by the postgres user?

-rwx------ 1 postgres postgres 41 Mar 9 09:59 delete_old_cluster.sh*
-rw------- 1 postgres postgres 6411 Mar 8 21:56 pg_upgrade_dump_all.sql
-rw------- 1 postgres postgres 5651 Mar 8 21:56 pg_upgrade_dump_db.sql
-rw------- 1 postgres postgres 738 Mar 8 21:56 pg_upgrade_dump_globals.sql
-rw------- 1 postgres postgres 1669 Mar 8 21:56 pg_upgrade_internal.log
-rw------- 1 postgres postgres 1667 Mar 8 21:56 pg_upgrade_restore.log
-rw------- 1 postgres postgres 1397 Mar 8 21:56 pg_upgrade_server.log
-rw------- 1 postgres postgres 385 Mar 8 21:56 pg_upgrade_utility.log

The umask would also affect files it copies like clog and the data
files, but those already have only postgres permissions.

The downside is that users running pg_upgrade with 'su' or 'RUNAS' would
need to use those to inspect the log files for errors.

FYI, delete_old_cluster.sh probably has to be run as root, but root
seems able to run an executable that it doesn't own.

I am thinking it isn't worth the complexity of using umask and
restricting those files, but wanted opinions.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
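An added example, not part of the original message and not pg_upgrade's code: it shows how a process-wide umask of 0077 yields the `-rw-------` and `-rwx------` modes in the listing above, and that a file created by a child shell's redirection inherits the same mask. The function name `created_mode` and the scratch directory under `/tmp` are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return the permission bits a new file gets under umask `mask`, or -1.
 * via_child = 0: this process calls open() asking for `requested` bits.
 * via_child = 1: a child shell creates the file by output redirection,
 *                showing that the umask is inherited across fork/exec. */
int created_mode(mode_t mask, mode_t requested, int via_child)
{
    char dir[64], path[128], cmd[192];
    struct stat st;
    int ok, result = -1;

    /* Constructed scratch directory; mkdir() fails if the name already
     * exists, so a pre-planted symlink in /tmp is never followed. */
    snprintf(dir, sizeof(dir), "/tmp/umask_demo_%ld", (long) getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof(path), "%s/out.log", dir);
    snprintf(cmd, sizeof(cmd), "echo started > '%s'", path);

    mode_t old = umask(mask);
    if (via_child) {
        ok = (system(cmd) == 0);
    } else {
        int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
        ok = (fd >= 0);
        if (ok)
            close(fd);
    }
    umask(old);                     /* restore the caller's umask */

    if (ok && stat(path, &st) == 0)
        result = (int) (st.st_mode & 0777);
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("log, umask 0022:    %04o\n", created_mode(0022, 0666, 0));
    printf("log, umask 0077:    %04o\n", created_mode(0077, 0666, 0));
    printf("script, umask 0077: %04o\n", created_mode(0077, 0777, 0));
    printf("child, umask 0077:  %04o\n", created_mode(0077, 0666, 1));
    return 0;
}
```

The umask only clears bits at creation time, so files that already exist keep whatever mode they had.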
