Hey all,

Christian Tacke [2014-03-08 12:56 +0100]:
> > > Note that this is a little too simplistic. This directory is only
> > > writable to clusters owned by postgres. While that is the default, you
> > > can assign any other owner, and you can even call pg_createcluster as
> > > a normal user and put everything into your $HOME; in those cases,
> > > /tmp/ will be used for the Unix socket, and we can't use
> > > /var/run/postgresql/.
> >
> > pg_createcluster will still want to write to /etc/postgresql which is
> > owned by postgres, so the stats_temp_directory doesn't make the
> > situation worse.
>
> /etc/postgresql is even owned by root on my system.
> /etc/postgresql/VERSION is owned by postgres though.
>
> Note that pg_ctlcluster creates the stats_temp_directory
> and sets the owner of that directory to the cluster owner.
> So for clusters that root/postgres created but hands over
> to other people, this should actually work. (Not tested!)

Yes, as long as the init scripts (which run as root) do that, the init
script could pre-create the stats dir (the patch doesn't currently do
that, though). It would still not work to run pg_ctlcluster start as the
cluster owner, though.

> /tmp is possibly still better than the data directory.

Yes, indeed. Especially on machines with a reasonable amount of memory it
is advisable to put /tmp/ on a tmpfs, and I guess many people do that
(reduces battery usage, HD wakeups/wearout/fragmentation, and on servers
to increase performance).

> SECURITY consideration: I have not reviewed pg_ctlcluster
> for creating the stat_tmp directory in a safe way. The name
> of the directory is very predictable, so this might be an
> issue.

pg_ctlcluster wouldn't do that, that's postgres itself. But creating
directories is generally safe, as mkdir() fails if the file already
exists (even as a dangling symlink); it's creating temporary files which
needs special attention (O_EXCL).

> I'm suggesting to use my patch for now/starters.
>
> It shouldn't break anything for admin-created clusters that
> wasn't broken before. (For those, the tmp-dir should be
> created correctly by pg_ctlcluster).

As I wrote, it will break admin-created clusters which are not owned by
"postgres". They currently work just fine now.

> Very simple mitigation: Add some more documentation to
> createcluster.conf on the lines of
> # Clusters created by normal users will need to change this
> # option in postgresql.conf, because the directory will not
> # be setup properly for them.

No, I don't believe in configuring broken defaults. Then let's rather
only configure this for owners which can actually write
/var/run/postgres/, so that the status quo is kept for clusters of other
owners.
Martin

--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

_______________________________________________
Pkg-postgresql-public mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
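An added illustration of the mkdir()/O_EXCL point made above (my own example, not code from this thread or from postgresql-common): it plants a dangling symlink at a predictable name inside a private scratch directory, then shows that mkdir() and open() with O_CREAT|O_EXCL both refuse it with EEXIST, whereas a plain O_CREAT open follows the link and creates its target. The scratch path, the name `stat_tmp` and the helper function names are assumptions for the demo.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 on success, else -errno. mkdir() never follows an existing
 * symlink (dangling or not) at `path`; it fails with EEXIST instead. */
int create_dir_exclusively(const char *path, mode_t mode)
{
    return mkdir(path, mode) == 0 ? 0 : -errno;
}

/* Returns an fd, else -errno. O_CREAT|O_EXCL refuses any existing path,
 * a planted symlink included, regardless of where the link points. */
int create_file_exclusively(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -errno : fd;
}

/* Constructed fixture: plant a dangling symlink in a private scratch dir
 * and run the two safe calls plus a plain O_CREAT open against it. Returns
 * 1 iff both safe calls fail with EEXIST and the plain open followed the link. */
int demo_dangling_symlink(void)
{
    const char *tmp = getenv("TMPDIR");
    char base[256], link[320], target[320];
    snprintf(base, sizeof base, "%s/pgstat-demo-XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(base)) return 0;
    snprintf(link, sizeof link, "%s/stat_tmp", base);
    snprintf(target, sizeof target, "%s/victim", base);
    if (symlink(target, link) != 0) return 0;   /* target does not exist yet */
    int r_mkdir = create_dir_exclusively(link, 0700);
    int r_excl = create_file_exclusively(link);
    int fd_plain = open(link, O_WRONLY | O_CREAT, 0600);   /* no O_EXCL */
    int followed = fd_plain >= 0 && access(target, F_OK) == 0;
    if (fd_plain >= 0) close(fd_plain);
    unlink(target); unlink(link); rmdir(base);
    return r_mkdir == -EEXIST && r_excl == -EEXIST && followed;
}

int main(void)
{
    printf("safe calls refused, plain open followed: %s\n", demo_dangling_symlink() ? "yes" : "no");
    return 0;
}
```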
