On May 26, 2015 07:31, "Tom Lane" <[email protected]> wrote: > > Josh Berkus <[email protected]> writes: > > We need to get a notice out to our users who might update their servers > > and get stuck behind the fsync bug. As such, I've prepared a FAQ. > > Please read, correct and improve this FAQ so that it's fit for us to > > announce to users as soon as possible: > > > https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug > > Judging by Ross Boylan's report at > http://www.postgresql.org/message-id/[email protected] > it's not sufficient to just recommend "changing permissions" on the > problematic files. It's not entirely clear from here whether there is a > solution that both allows fsync on referenced files and keeps OpenSSL > happy; but if there is, it probably requires making the cert files be > owned by the postgres user, as well as adjusting their permissions to > be 0640 or thereabouts. I'm worried about whether that breaks other > services using the same cert files. >
It almost certainly will. I think the recommendation has to be that if it's a symlink, it should be replaced with a copy of the file, and that copy be chown and chmod the right way. /Magnus
