From: Tom Lane
To: Amol Inamdar
cc: Laurenz Albe, pgsql-general@lists.postgresql.org
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: Thu, 17 Jul 2025 01:14:33 -0400
Message-ID: <1344583.1752729273@sss.pgh.pa.us>

Amol Inamdar writes:
> @Laurenz Albe
>> If you pre-create the data directory with the appropriate permissions,
>> what keeps you from giving ownership to the correct user too?

> Our NFS server is not a regular linux based server,
> it's on zOS (Mainframes) with AT-TLS security enabled,
> hence it doesn't allow changing of ownership.

Not only is that not a fit storage substrate for Postgres, it's
pretty hard to imagine that it's a fit substrate for anything.
"Every file on this filesystem must belong to the same owner"
is a concept that should have gone out with floppy disks.

You need some extremely fundamental re-examination of your design
decisions. At the moment I am content to say that Postgres does
not support this storage mechanism and we do not intend to do so
in the future.

regards, tom lane