On Sun, Oct 28, 2018 at 07:18:53PM +0100, Sebastien Marie wrote:
> On Sun, Oct 28, 2018 at 05:21:38PM +0100, Antoine Jacoutot wrote:
> > 
> > Thinking about it I wonder if this shouldn't just be "fixed" in the rc.d
> > script itself.
> 
> it could, but I am expecting some other rc.d files to need the same
> "fix".
> 
> > Manually running pg_ctl as root (from /root for example) would fail the same
> > way. So I think it's more an issue with the way pg_ctl works.
> 
> no. pg_ctl failed because it is run as "_postgresql" under /root.

Yes exactly, so it *is* an issue with the way pg_ctl works.
Show me another utility that breaks like this.

> # id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
> # cd /root && pg_ctl reload
> pg_ctl: cannot be run as root
> Please log in (using, e.g., "su") as the (unprivileged) user that will
> own the server process.

That is not the issue.
The issue is that pg_ctl cannot run within a directory it does not have access to.

# mkdir /tmp/toto && chmod 700 /tmp/toto && cd /tmp/toto && su -m -c daemon -s /bin/sh _postgresql -c '/usr/local/bin/pg_ctl start -D /var/postgresql/data -w -l /var/postgresql/logfile'
could not identify current directory: Permission denied
could not identify current directory: Permission denied
could not identify current directory: Permission denied
The program "postgres" is needed by pg_ctl but was not found in the
same directory as "pg_ctl".
Check your installation.

While other stuff just works fine:

# mkdir /tmp/toto && chmod 700 /tmp/toto && cd /tmp/toto && su -m -c daemon -s /bin/sh _redis -c '/usr/local/sbin/redis-server /etc/redis/redis.conf'
82979:C 29 Oct 00:44:51.407 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
82979:C 29 Oct 00:44:51.408 # Redis version=4.0.11, bits=64, commit=00000000, modified=0, pid=82979, just started
82979:C 29 Oct 00:44:51.408 # Configuration loaded


> > Thoughts?
> 
> I am a bit shared.
> 
> I think it could be fixed in rc_subr in two ways:
> - by adding something in rcexec variable to perform the chdir
> - by forcing a `cd /' in /etc/rc.d/rc_subr (and making the whole rc.d
>   script execute in /)
> 
> for (1), it needs a program that will change the directory and exec
> another program (or an option on su, sh, env). using
> rcexec="chroot / ${rcexec}" is a possibility, but it seems wrong to me
> to use chroot for this purpose.
> 
> for (2), it could be done by adding "cd /" after FUNCS_ONLY check. but I
> am unsure if it could trigger some side-effects.

-- 
Antoine
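
Added example, not part of the original thread and not code from rc.subr: a sketch of the "change directory, then exec" idea discussed above, together with a check for the failing condition (a working directory that cannot be resolved). The function names cwd_usable, run_from_root and demo are hypothetical, and a removed directory is used as a constructed stand-in for the mode-700 /tmp/toto so the demonstration does not need root.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from rc.subr.

# cwd_usable: succeed only if the working directory can still be resolved.
# An external pwd is used (via env) so that the shell's cached $PWD
# cannot hide the failure.
cwd_usable() {
    env pwd -P >/dev/null 2>&1
}

# run_from_root: run "$@" with / as the working directory.
# The subshell keeps the caller's own working directory untouched.
run_from_root() {
    ( cd / && exec "$@" )
}

# demo: constructed scenario. Prints "<state of cwd> <cwd seen by the child>".
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/gone" && cd "$base/gone" || return 1
    rmdir "$base/gone"      # the cwd can no longer be resolved
    if cwd_usable; then before=usable; else before=unusable; fi
    # The child is started from /, so it never inherits the broken cwd.
    child=$(run_from_root env pwd -P)
    cd / && rmdir "$base"
    printf '%s %s\n' "$before" "$child"
}
```

Call demo inside a command substitution or subshell, since it changes the working directory of the shell that runs it.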
