On Fri, Jan 21, 2011 at 07:02, Fujii Masao <[email protected]> wrote: > On Fri, Jan 21, 2011 at 1:00 AM, Tom Lane <[email protected]> wrote: >> Fujii Masao <[email protected]> writes: >>> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <[email protected]> wrote: >> In the case you sketch, there would be nothing to stop the (non root) >> postgres user from renaming $PGDATA/mnt to something else and then >> inserting his own trojan-horse directories. > > Hmm.. can non-root postgres user really rename the root-owned directory > while it's being mounted?
No, but you can rename the parent directory of it, and then create another directory inside it with the same name as the root owned directory had. >> Moreover, I see no positive *good* reason to do it. There isn't >> anyplace under $PGDATA that users should be randomly creating >> directories, much less mount points. > > When taking a base backup, you don't need to take a backup of tablespaces > separately from that of $PGDATA. You have only to take a backup of $PGDATA. But why are you creating tablespaces in the first place, if you're sticking them in $PGDATA? I'd put myself in the +1 camp for "throw an error when someone tries to create a tablespace inside $PGDATA". -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
