public inbox for [email protected]
From: Amol Inamdar <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: [email protected]
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: Mon, 14 Jul 2025 17:59:12 +0530
Message-ID: <CAGOe9RijT-5X=UoeGv_TeW=KVVV9xvBBSwY9V-a=n_8GyzdRDA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAGOe9RiRUK9K8gUbsMfg8nWDsM2Fd9py-2oe4VG1Uaggu8fQGA@mail.gmail.com>
<[email protected]>
Hi Laurenz,
Thanks for the reply.
If I am not mistaken, below is my understanding of your suggestion.
Suppose that my mount point on the NFS server is, say, /nfs-mount/postgres/
and you are suggesting to have a data directory as, say,
/nfs-mount/postgres/db or something like that,
and to assign this value to PGDATA?
If that is the case, then when and who should be creating the directory DB?
Please correct me if I am wrong about the understanding.
Thanks,
Amol
On Mon, Jul 14, 2025 at 5:50 PM Laurenz Albe <[email protected]>
wrote:
> On Mon, 2025-07-14 at 11:19 +0530, Amol Inamdar wrote:
> > I'm currently running PostgreSQL version 16.6 inside a Docker container
> > (base image: UBI 9), using Docker Compose. The PostgreSQL data directory
> > is mounted from an NFS volume hosted on a z/OS NFS server.
> >
> > The environment has a few constraints:
> >
> > - It’s a highly secure and access-controlled setup.
> > - Due to platform restrictions on z/OS, the mounted NFS directory cannot
> > be owned by the PostgreSQL user (e.g., `postgres`) inside the container.
> > - As a result, PostgreSQL fails to start because of the directory
> > ownership validation check.
>
> It is not a good idea to have a mount point be the data directory.
> The proper solution is to create the data directory inside the
> mount point. That way, the permissions of the data directory don't
> have to be the same as the permissions of the mount point.
>
> Yours,
> Laurenz Albe
>
--
-regards
Amol
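The startup check this thread is about, as an added example that is not part of the original messages: PostgreSQL refuses to start unless the data directory is owned by the user running the server and has mode 0700 or 0750. The script below applies those two tests to a PGDATA candidate and also flags a candidate that is itself a mount point; the function names are hypothetical and it assumes `stat -c` from GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for a PGDATA candidate.
# Assumes GNU or busybox stat (-c). Function names are hypothetical.

# True if $1 is the root of a mounted filesystem: its device differs from its
# parent's, or it is its own parent (the "/" case). A bind mount taken from the
# same filesystem is not detected by this test.
is_mount_point() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%d' "$1")" != "$(stat -c '%d' "$1/..")" ] && return 0
    [ "$(stat -c '%i' "$1")" = "$(stat -c '%i' "$1/..")" ]
}

# Prints one finding per line; returns 0 only when nothing was found.
check_pgdata() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir does not exist"
        return 1
    fi
    if is_mount_point "$dir"; then
        echo "mount-point: $dir is itself a mount point; use a subdirectory"
        rc=1
    fi
    # Server startup requires the directory owner to be the effective user.
    if [ "$(stat -c '%u' "$dir")" != "$(id -u)" ]; then
        echo "owner: $dir is not owned by uid $(id -u)"
        rc=1
    fi
    # Mode must be 0700 or 0750: no group-write and no "other" bits (mask 027).
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "mode: $dir is $mode, expected 700 or 750"
        rc=1
    fi
    return $rc
}
```

Run `check_pgdata "$PGDATA"` as the user the server will run as, inside the container, so that the uid comparison reflects what the server itself will see.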