public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: Amol Inamdar <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: [email protected]
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: Thu, 17 Jul 2025 01:14:33 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAGOe9RjzoPnc5ZsTMHjDLn2BAX++G2VznP2zLcWkO3Ba1sSJTA@mail.gmail.com>
References: <CAGOe9RiRUK9K8gUbsMfg8nWDsM2Fd9py-2oe4VG1Uaggu8fQGA@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAGOe9RirtoXtMJhejo4_V+Si83+c4gfM_E-DH9WqaEBJ9SnfiA@mail.gmail.com>
<CAGOe9RiBSEZo3c8akePA+11HmV1JHx0Lsk57-fGfM0DEf4ekXg@mail.gmail.com>
<[email protected]>
<CAGOe9RjzoPnc5ZsTMHjDLn2BAX++G2VznP2zLcWkO3Ba1sSJTA@mail.gmail.com>
Amol Inamdar <[email protected]> writes:
> @Laurenz Albe <[email protected]>
>> If you pre-create the data directory with the appropriate permissions,
>> what keeps you from giving ownership to the correct user too?
> Our NFS server is not a regular linux based server,
> it's on zOS (Mainframes) with AT-TLS security enabled,
> hence it doesn't allow changing of ownership.
Not only is that not a fit storage substrate for Postgres,
it's pretty hard to imagine that it's a fit substrate for
anything. "Every file on this filesystem must belong to the
same owner" is a concept that should have gone out with
floppy disks.
You need some extremely fundamental re-examination of your
design decisions. At the moment I am content to say that
Postgres does not support this storage mechanism and we
do not intend to do so in the future.
regards, tom lane
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox