Fix file permission when restoring pg

[davidumea]

We ran into an issue where the data dir got the wrong permissions when restoring postgres from physical backups

2025-08-07 13:49:55,916 maybe_pg_upgrade INFO: Trying to perform point-in-time recovery
2025-08-07 13:49:55,916 maybe_pg_upgrade INFO: Running custom bootstrap script: true
2025-08-07 13:49:56 UTC [100]: [1-1] 6894af04.64 0     FATAL:  data directory "/home/postgres/pgdata/pgroot/data" has invalid permissions
2025-08-07 13:49:56 UTC [100]: [2-1] 6894af04.64 0     DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).
2025-08-07 13:49:56,277 maybe_pg_upgrade INFO: postmaster pid=100
/var/run/postgresql:5432 - no response
2025-08-07 13:49:57,284 maybe_pg_upgrade ERROR: postmaster is not running
Traceback (most recent call last):
  File "/scripts/maybe_pg_upgrade.py", line 36, in perform_pitr
    raise Exception('Point-in-time recovery failed')
Exception: Point-in-time recovery failed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/scripts/maybe_pg_upgrade.py", line 125, in <module>
    main()
  File "/scripts/maybe_pg_upgrade.py", line 72, in main
    perform_pitr(upgrade, cluster_version, bin_version, config['bootstrap'])
  File "/scripts/maybe_pg_upgrade.py", line 55, in perform_pitr
    raise Exception('Point-in-time recovery failed.\nLOGS:\n--\n' + logs)
Exception: Point-in-time recovery failed.
LOGS:
--

2025-08-07 13:49:57,319 ERROR: /scripts/maybe_pg_upgrade.py script failed

Tried using different storageclass (volume type), changing securitycontext on the pods (fsGroup, fsGroupChangePolicy) but that made no difference.

[Ajarmar]

LGTM (didn't test)

[rarescosma]

just a small pythonic nit

[rarescosma]

Suggested change

	subprocess.Popen(["chmod 0700 /home/postgres/pgdata/pgroot/data"], shell=True)
	os.chmod('/home/postgres/pgdata/pgroot/data', 0o700)

if the os module is imported at the top :)

[davidumea]

Thanks, I wasn't aware of this 👍