Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ubdxm-003QV5-EG for pgsql-general@arkaria.postgresql.org; Tue, 15 Jul 2025 11:36:46 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1ubdxk-001RLA-H1 for pgsql-general@arkaria.postgresql.org; Tue, 15 Jul 2025 11:36:45 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ubdxk-001RL2-5i for pgsql-general@lists.postgresql.org; Tue, 15 Jul 2025 11:36:44 +0000 Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1ubdxj-007OmR-0B for pgsql-general@lists.postgresql.org; Tue, 15 Jul 2025 11:36:43 +0000 Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-ae3be3eabd8so1115299966b.1 for ; Tue, 15 Jul 2025 04:36:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1752579401; x=1753184201; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dAVgSLJm1zq4fETO3sC1K1HE4nQBrb2buFiY7XGkFjg=; b=cyQEAyqQ3riwpI9mAj50YuQWuGwQmwTBLgRJ01ko6DCtxnqxg/uIvx2woD4ve3oVmB QpQFt3kfyuVueudNHPvQDROzK/NsNhLNOzi4fCkX6CN4jckl2DMC32sf7J3l2fLLRqu9 3lUDUnskyB23CMpFANhAGwVrLueYSbhMgLleoLDJCUWHskToIUY8rcLPaz/3vxBk1EDB uGRJke3C0JcCtSaK5N039YHYdFZDehpucfwjgKn0GE3KflnhW7LpRjWRh/nSY9q0f1/2 ioBI2F+1jyAPvg943nWSb+ww3H2vsgq4dkQc5aqgW3by77igRdjxAnbnnsxOkBUszNpm fdOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752579401; x=1753184201; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dAVgSLJm1zq4fETO3sC1K1HE4nQBrb2buFiY7XGkFjg=; b=CiDdNeAKQa/fkxms62yNgNYEh+tRusMlYZ3JQPXaesLNNDVmnyi2rPIX7vv3WvJtzn abWB1Mj6M6OdP04EWJ8L65RLrI6DxR0z2o0DGd/5iYWmckNNUgFjQ7Ngf5dbWiLg647f rtx3RuCS+wgXVCxkhlk5iflWDkmXhh/J0xO4xJJ0M92Oo93mipTUM2WzzhmvjwEK9iS2 gxBlSXErM7gNCwxvC67U3pzh1lL2OyMPYcKluoqnL83d67RVpzVkBvLy3pwFmfa2ngtW 1hAi4MzVRPtdH1gv4nrASaWTedpFbfj2dRn9/CVMQ5QpH/cA2la+VhMQCp6JOb3QWu8b MBSg== X-Forwarded-Encrypted: i=1; AJvYcCX4yrektzdhn80wYE5VZu/osAlnjkMTDq5Qf8Q8wLHxkZrN8Cz+Smrvg6yRGvuh/DbIofZu9t0uxw98yeHG@lists.postgresql.org X-Gm-Message-State: AOJu0YwH+1sFnW/a+d/A8f/cbqvyEUjrpWmgXJwBaQdW5M1ihNeL6MPy pLJ2HQ2nv2LUo+xJWCnwJhqvd7DAsYxFIKlvVDz+PVN8H3NIVbqdM8IprcrRdEMaCWHi/C24BvB j26rlEYUle7de+QqsU5qe5bwX0eOpnVQ= X-Gm-Gg: ASbGnctuYOayzfU753hDzDRI8YVbaw/ebNE/rAEoH7TvTdjEnqf9x+JekSlpdo/TgTY 9lePfNwSpEjiJ14ITwtcPcyBF31D9eIrAoU0/uDj6mvN7YIkMM0wENzN5YaisfuAhBAlVXRYTJR 4BOfpuVdTZlj/yKUnkc9wZ7OH4Hlh/QT2DSPiFJOHwo1fFpRczgy3El9KwxGO+k5ubSGYoyxQc8 J9JIdabBHeBqlp1i/ue6jnLQSwsJt0uIw+OF9jRqg== X-Google-Smtp-Source: AGHT+IF8Fn2QYKCsLqLVjDRsS3dgjM0wLoS5Bx9I801LsoGf5oyAqnjBcQPOeP5cs0GLgKBS8SphKABgzGy++4ws8Yg= X-Received: by 2002:a17:907:e2ea:b0:ae3:6e5c:1c05 with SMTP id a640c23a62f3a-ae9b5dd8a69mr294937866b.30.1752579401360; Tue, 15 Jul 2025 04:36:41 -0700 (PDT) MIME-Version: 1.0 References: <13e3100fc7c7d14919c37943dcfd76b263cecce2.camel@cybertec.at> <609925.1752502040@sss.pgh.pa.us> In-Reply-To: <609925.1752502040@sss.pgh.pa.us> From: Amol Inamdar Date: Tue, 15 Jul 2025 17:06:29 +0530 X-Gm-Features: Ac12FXzLW1NwjZctRQfAAClsMcz9Md05eciV3pJQEK_Ptvg6cLcUNdGMa6mmRm0 Message-ID: Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) To: Tom Lane Cc: Laurenz Albe , pgsql-general@lists.postgresql.org Content-Type: multipart/alternative; boundary="000000000000a8ad440639f630fc" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000a8ad440639f630fc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Thanks Tom and Laurenz for the explanation. Let me try out a few things and get back to you if needed. Thanks, Amol On Mon, Jul 14, 2025 at 7:37=E2=80=AFPM Tom Lane wrote: > Laurenz Albe writes: > > It is not a good idea to have a mount point be the data directory. > > ^^^ This. ^^^ > > That is primarily for safety reasons: if for some reason the > filesystem gets dismounted, or hasn't come on-line yet during > a reboot, you do not want Postgres to be able to write on the > underlying mount-point directory. There is a sobering tale > in this old thread: > > https://www.postgresql.org/message-id/flat/41BFAB7C.5040108%40joeconway.c= om > > Now it didn't help any that they were using a start script that > would automatically run initdb if it didn't see a data directory > where expected. But even without that, you are in for a world of > hurt if the mount drops while the server is running and the server > has any ability to write on the underlying storage; it will think > whatever it was able to write is safely down on disk. To prevent > that, the server must not have write permissions on the mount > point, which dictates making a separate data directory (with > different ownership/permissions) just below the mount. > > Do not bypass that ownership/permissions check. It is there > for very good reasons. > > regards, tom lane > --=20 -regards Amol --000000000000a8ad440639f630fc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks Tom and Laurenz for the explanation.=C2=A0
Let = me try out a few things and get back to you if needed.

T= hanks,
Amol

On Mon, Jul 14, 2025= at 7:37=E2=80=AFPM Tom Lane <tgl@s= ss.pgh.pa.us> wrote:
Laurenz Albe <laurenz.albe@cybertec.at> writes:
> It is not a good idea to have a mount point be the data directory.

^^^ This. ^^^

That is primarily for safety reasons: if for some reason the
filesystem gets dismounted, or hasn't come on-line yet during
a reboot, you do not want Postgres to be able to write on the
underlying mount-point directory.=C2=A0 There is a sobering tale
in this old thread:

https://www.postgresql.or= g/message-id/flat/41BFAB7C.5040108%40joeconway.com

Now it didn't help any that they were using a start script that
would automatically run initdb if it didn't see a data directory
where expected.=C2=A0 But even without that, you are in for a world of
hurt if the mount drops while the server is running and the server
has any ability to write on the underlying storage; it will think
whatever it was able to write is safely down on disk.=C2=A0 To prevent
that, the server must not have write permissions on the mount
point, which dictates making a separate data directory (with
different ownership/permissions) just below the mount.

Do not bypass that ownership/permissions check.=C2=A0 It is there
for very good reasons.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 regards, tom lane


--
-regards
Amol
--000000000000a8ad440639f630fc--