Re: [HACKERS] Add socket dir to pg_config..?

2011-10-31 Thread Cédric Villemain
2011/10/30 Martijn van Oosterhout klep...@svana.org:
 On Sat, Oct 29, 2011 at 08:28:57PM +, Mr. Aaron W. Swenson wrote:
  If /tmp is the only decent place where to put the socket file on Unix
  when security and other concerns are considered, then sure, making
  distro life difficult is a good thing to do. But then let's take it to
  the FHS that debian and ubuntu are implementing, AFAIUI.

 In Gentoo, we change the socket directory to /var/run/postgresql via
 pg_config_manual.h. However, I'm not too terribly interested in pg_config
 outputting the directory location.

 Frankly, I'm not seeing the difference between the socket directory and
 the listen_addresses option. When connecting you can specify the
 socket directory to use via the host option.

 It might even be more logical to be able to specify multiple
 directories. Given we support multiple listen sockets I can't imagine
 it would require much code.

 (And yes, just today I ran into the issue of hardcoded paths. If the
 directory it points to is not world writable then you've limited the
 users who can run the postgres server. Which is an unnecessary
 restriction imho).


For Debian, the reason is :

Description: Put server Unix sockets into /var/run/postgresql/ by default
Forwarded: No, Debian specific configuration with postgresql-common

Using /tmp for sockets allows everyone to spoof a PostgreSQL server. Thus use
/var/run/postgresql/ for system clusters which run as 'postgres' (user
clusters will still use /tmp). Since system cluster are by far the common case,
set it as default.




-- 
Cédric Villemain +33 (0)6 20 30 22 52
http://2ndQuadrant.fr/
PostgreSQL: Support 24x7 - Développement, Expertise et Formation

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-30 Thread Martijn van Oosterhout
On Sat, Oct 29, 2011 at 08:28:57PM +, Mr. Aaron W. Swenson wrote:
  If /tmp is the only decent place where to put the socket file on Unix
  when security and other concerns are considered, then sure, making
  distro life difficult is a good thing to do. But then let's take it to
  the FHS that debian and ubuntu are implementing, AFAIUI.

 In Gentoo, we change the socket directory to /var/run/postgresql via
 pg_config_manual.h. However, I'm not too terribly interested in pg_config
 outputting the directory location.

Frankly, I'm not seeing the difference between the socket directory and
the listen_addresses option. When connecting you can specify the
socket directory to use via the host option.

It might even be more logical to be able to specify multiple
directories. Given we support multiple listen sockets I can't imagine
it would require much code.

(And yes, just today I ran into the issue of hardcoded paths. If the
directory it points to is not world writable then you've limited the
users who can run the postgres server. Which is an unnecessary
restriction imho).

Have a nice day,
-- 
Martijn van Oosterhout   klep...@svana.org   http://svana.org/kleptog/
 He who writes carelessly confesses thereby at the very outset that he does
 not attach much importance to his own thoughts.
   -- Arthur Schopenhauer


signature.asc
Description: Digital signature


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-29 Thread Greg Stark
On Fri, Oct 28, 2011 at 5:33 PM, Dimitri Fontaine
dimi...@2ndquadrant.fr wrote:
 I'm puzzled, maybe I'm not understanding a key point here though.


I think the only thing you're missing here is that, despite
appearances some days, Postgres is not run by a single hive mind. Tom
thinks there needs to be a single location for all builds as it's part
of the protocol, and others agree with the approach Debian took and we
haven't really resolved that
discrepancy. So Postgres's treatment of this configuration is
naturally a bit schizophrenic.

-- 
greg

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-29 Thread Mr. Aaron W. Swenson
On Fri, Oct 28, 2011 at 06:33:39PM +0200, Dimitri Fontaine wrote:
 Andrew Dunstan and...@dunslane.net writes:
  Er, which distros other than debian/ubuntu?
 
 Well, any and all derivatives I guess, to begin with.
 
   http://distrowatch.com/dwres.php?resource=independence#debian
   Based on Debian GNU/Linux: 129 Distributions
 
 More seriously, I'm not sure how to understand why some people will both
 frown upon distribution allowing themselves to patch the version of
 PostgreSQL they are packaging, and vote against making their life
 easier.
 
 If /tmp is the only decent place where to put the socket file on Unix
 when security and other concerns are considered, then sure, making
 distro life difficult is a good thing to do. But then let's take it to
 the FHS that debian and ubuntu are implementing, AFAIUI.
 
 I'm puzzled, maybe I'm not understanding a key point here though.
 
 Regards,
 -- 
 Dimitri Fontaine
 http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support

In Gentoo, we change the socket directory to /var/run/postgresql via
pg_config_manual.h. However, I'm not too terribly interested in pg_config
outputting the directory location.

We inform users at the end of every install where the default location
is. Further, all of the packages we maintain build against the sources so
the packages automatically know where the socket directory is located.

-- 
Mr. Aaron W. Swenson
Gentoo Linux Developer
Email: titanof...@gentoo.org
GnuPG FP : 2C00 7719 4F85 FB07 A49C  0E31 5713 AA03 D1BB FDA0
GnuPG ID : D1BBFDA0


pgph6Z3VCbZWh.pgp
Description: PGP signature


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-28 Thread Cédric Villemain
2011/10/28 Tom Lane t...@sss.pgh.pa.us:
 Stephen Frost sfr...@snowman.net writes:
   Was just wondering if we might want to include the default socket
   directory that was compiled in as part of the pg_config output..?

 [ shrug... ]  We don't report the compiled-in port number, which is
 considerably more critical.  And we don't report changes in any of the
 other stuff in pg_config_manual.h.

 MHO is that changing the socket directory is only marginally supported,
 and we shouldn't encourage it unless we're prepared to fully support it
 (which we can't really).

There is a TODO about that.

   Allow simpler reporting of the unix domain socket directory and allow
   easier configuration of its default location

   * http://archives.postgresql.org/pgsql-hackers/2010-10/msg01555.php

Last time the subject came in, the result was that pg_config may
output it, but the solution that most people seems to agree at this
time was to add a configure option. Except that we didn't want to
encourage people to change the default_socket_dir, so a documentation
update in this direction was suggested to be done at the same time the
switch is added to PostgreSQL.

-- 
Cédric Villemain +33 (0)6 20 30 22 52
http://2ndQuadrant.fr/
PostgreSQL: Support 24x7 - Développement, Expertise et Formation

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-28 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote:
 [ shrug... ]  We don't report the compiled-in port number, which is
 considerably more critical.  And we don't report changes in any of the
 other stuff in pg_config_manual.h.

True.

 MHO is that changing the socket directory is only marginally supported,
 and we shouldn't encourage it unless we're prepared to fully support it
 (which we can't really).

This concerns me a bit, as most distros change it..  What would you
expect to break when the socket dir is changed from the default?

Thanks,

Stephen


signature.asc
Description: Digital signature


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-28 Thread Andrew Dunstan



On 10/28/2011 08:01 AM, Stephen Frost wrote:




MHO is that changing the socket directory is only marginally supported,
and we shouldn't encourage it unless we're prepared to fully support it
(which we can't really).

This concerns me a bit, as most distros change it..  What would you
expect to break when the socket dir is changed from the default?




Er, which distros other than debian/ubuntu?

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-28 Thread Dimitri Fontaine
Andrew Dunstan and...@dunslane.net writes:
 Er, which distros other than debian/ubuntu?

Well, any and all derivatives I guess, to begin with.

  http://distrowatch.com/dwres.php?resource=independence#debian
  Based on Debian GNU/Linux: 129 Distributions

More seriously, I'm not sure how to understand why some people will both
frown upon distribution allowing themselves to patch the version of
PostgreSQL they are packaging, and vote against making their life
easier.

If /tmp is the only decent place where to put the socket file on Unix
when security and other concerns are considered, then sure, making
distro life difficult is a good thing to do. But then let's take it to
the FHS that debian and ubuntu are implementing, AFAIUI.

I'm puzzled, maybe I'm not understanding a key point here though.

Regards,
-- 
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


[HACKERS] Add socket dir to pg_config..?

2011-10-27 Thread Stephen Frost
All,

  Was just wondering if we might want to include the default socket
  directory that was compiled in as part of the pg_config output..?
  
Thanks,

Stephen


signature.asc
Description: Digital signature


Re: [HACKERS] Add socket dir to pg_config..?

2011-10-27 Thread Tom Lane
Stephen Frost sfr...@snowman.net writes:
   Was just wondering if we might want to include the default socket
   directory that was compiled in as part of the pg_config output..?

[ shrug... ]  We don't report the compiled-in port number, which is
considerably more critical.  And we don't report changes in any of the
other stuff in pg_config_manual.h.

MHO is that changing the socket directory is only marginally supported,
and we shouldn't encourage it unless we're prepared to fully support it
(which we can't really).

regards, tom lane

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers