Dear PostgreSQL Community,

I'm currently running PostgreSQL version 16.6 inside a Docker container
(base image: UBI 9), using Docker Compose. The PostgreSQL data directory
is mounted from an NFS volume hosted on a z/OS NFS server.

The environment has a few constraints:

- The NFS server runs on z/OS with AT-TLS enabled.
- It’s a highly secure and access-controlled setup.
- Due to platform restrictions on z/OS, the mounted NFS directory cannot
  be owned by the PostgreSQL user (e.g., `postgres`) inside the container.
- As a result, PostgreSQL fails to start because of the directory
  ownership validation check.

Given the secure nature of the NFS server, I’d like to ask:

1. Is there a supported or recommended way to bypass the ownership
   check on the data directory?
2. What are the potential risks or implications of doing so in a secure
   NFS environment?
3. I'm considering building a custom PostgreSQL image by modifying the
   `miscinit.c` file—specifically, disabling the ownership check in the
   `checkDataDir()` function. Is this a reasonable approach, and are
   there any caveats or unintended side effects I should be aware of?

**Disclaimer**: The z/OS NFS server is secured using AT-TLS and enforces
strict access control policies. My intention is not to weaken
PostgreSQL’s security model, but to adapt to platform-specific
constraints while maintaining overall security integrity.

Any insights, experiences, or alternative suggestions would be greatly
appreciated.

Best regards,
Amol

Reply via email to