PostgreSQL with SSL should fix certificate permissions
Summary
When we set a custom certificate, it's likely that the user would not remember to fix permissions nor to change file ownership. We can do that automatically as we know the path and what should be there.
Proposal
Based on the following attributes:
postgresql['ssl_cert_file']
postgresql['ssl_key_file']
postgresql['ssl_crl_file']
We shoud make sure (when file exists on disk) that they have the following ownership and permissions:
- Permission:
0400
- Owner:
postgresql['username']
- Group:
postgresql['group']
References
https://docs.gitlab.com/omnibus/settings/database.html#configure-the-database-server