public inbox for [email protected]
From: Amol Inamdar <[email protected]>
To: Tom Lane <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: [email protected]
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: Tue, 15 Jul 2025 17:06:29 +0530
Message-ID: <CAGOe9RirtoXtMJhejo4_V+Si83+c4gfM_E-DH9WqaEBJ9SnfiA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAGOe9RiRUK9K8gUbsMfg8nWDsM2Fd9py-2oe4VG1Uaggu8fQGA@mail.gmail.com>
<[email protected]>
<[email protected]>

Thanks Tom and Laurenz for the explanation.
Let me try out a few things and get back to you if needed.

Thanks,
Amol

On Mon, Jul 14, 2025 at 7:37 PM Tom Lane <[email protected]> wrote:
> Laurenz Albe <[email protected]> writes:
> > It is not a good idea to have a mount point be the data directory.
>
> ^^^ This. ^^^
>
> That is primarily for safety reasons: if for some reason the
> filesystem gets dismounted, or hasn't come on-line yet during
> a reboot, you do not want Postgres to be able to write on the
> underlying mount-point directory. There is a sobering tale
> in this old thread:
>
> https://www.postgresql.org/message-id/flat/41BFAB7C.5040108%40joeconway.com
>
> Now it didn't help any that they were using a start script that
> would automatically run initdb if it didn't see a data directory
> where expected. But even without that, you are in for a world of
> hurt if the mount drops while the server is running and the server
> has any ability to write on the underlying storage; it will think
> whatever it was able to write is safely down on disk. To prevent
> that, the server must not have write permissions on the mount
> point, which dictates making a separate data directory (with
> different ownership/permissions) just below the mount.
>
> Do not bypass that ownership/permissions check. It is there
> for very good reasons.
>
> regards, tom lane
>
--
-regards
Amol
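
The layout recommended in the quoted message (data directory one level below the mount point, mount point not writable by the server), written as a pre-start check. This is an added example, not part of the thread and not PostgreSQL's own code. The function names, the server uid 26 and the sample stat values are assumptions, and only mode bits are evaluated, not ACLs.

```python
import os
import stat
from types import SimpleNamespace

def can_write(st, uid, gids):
    """Mode-bit write check for a non-root uid (ACLs are not considered)."""
    if st.st_uid == uid:
        return True  # an owner can always chmod the write bit back on
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def layout_problems(data_st, parent_st, data_is_mount, uid, gids=()):
    """Return the layout problems for a data directory; empty list means OK.

    data_st is None when the directory does not exist (mount down?)."""
    problems = []
    if can_write(parent_st, uid, gids):
        problems.append("server can write to the directory above the data directory")
    if data_st is None:
        problems.append("data directory missing: is the filesystem mounted?")
        return problems
    if data_is_mount:
        problems.append("data directory is itself a mount point")
    if data_st.st_uid != uid:
        problems.append("data directory is not owned by the server user")
    if stat.S_IMODE(data_st.st_mode) & 0o027:  # anything beyond 0750
        problems.append("data directory mode is looser than 0750")
    return problems

def check_path(data_dir, uid, gids=()):
    """Gather the facts from the live filesystem and evaluate them."""
    data_dir = os.path.realpath(data_dir)
    parent_st = os.stat(os.path.dirname(data_dir))
    data_st = os.stat(data_dir) if os.path.isdir(data_dir) else None
    return layout_problems(data_st, parent_st, os.path.ismount(data_dir), uid, gids)

# Constructed stat samples: uid 0 owns the mount point, uid 26 is the server.
ROOT_MNT = SimpleNamespace(st_uid=0, st_gid=0, st_mode=0o040755)
PG_DIR = SimpleNamespace(st_uid=26, st_gid=26, st_mode=0o040700)

if __name__ == "__main__":
    print(layout_problems(PG_DIR, ROOT_MNT, False, 26, {26}))  # recommended layout
    print(layout_problems(PG_DIR, ROOT_MNT, True, 26, {26}))   # PGDATA is the mount
    print(layout_problems(None, ROOT_MNT, False, 26, {26}))    # mount dropped
```

While the filesystem is mounted, the parent that gets inspected is the root of the mounted filesystem; the underlying mount-point directory can only be inspected while it is unmounted, so run the check in both states when setting up a host.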