Hi,
On Sun, Feb 08, 2026 at 09:38:12PM +0100, Samuel Thibault wrote:
> Hello,
>
> Michael Banck, le dim. 08 févr. 2026 12:35:28 +0100, a ecrit:
> > the wrapper
> > properly changes uid/gid of the resulting processes to postgres, but
> > then the postgres user cannot send signals to it:
> >
> > |postgres@debian:~$ ps -ef | grep ^postgres.*17.main | head -1
> > |postgres 14971 1 - 0:00.07 /usr/lib/postgresql/17/bin/postgres -D
> > /var/lib/postgresql/17/main -c
> > config_file=/etc/postgresql/17/main/postgresql.conf
> > |postgres@debian:~$ LANG=C kill -s HUP 14971
> > |-bash: kill: (14971) - Operation not permitted
>
> There is a pending issue with killing setuid programs:
>
> https://darnassus.sceen.net/~hurd-web/open_issues/kill_setuid/
Oh, I didn't connect this with the setuid issues, but yeah, makes sense.
I now experimented a bit more, and the problem can be worked around by
changing the Perl code in the PgCommon.pm module from this:
| $> = $< = $uid;
to this:
| POSIX::setuid($uid);
In strace, the syscalss change to
|setregid(101, -1) = 0
|setuid(101) = 0
And in rpctrace, the auth_makeauth calls then change to:
| 8<--39(pid4527)->auth_makeauth ( 0 {0 0 1000} 0 {101 0}) = 0
55<--49(pid4527)
| 55<--49(pid4527)->auth_makeauth ( 101 {101 101 1000} 0 {101 0}) = 0
40<--63(pid4527)
and SIGHUP etc. works.
I still think it would be good to align the behaviour to other Unix-like
operating systems, though.
Michael
