pgbouncer packaging issue

public inbox for [email protected]  
help / color / mirror / Atom feed

pgbouncer packaging issue
5+ messages / 4 participants
[nested] [flat]

* pgbouncer packaging issue
@ 2018-01-09 18:47  Brandon Snider <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Brandon Snider @ 2018-01-09 18:47 UTC (permalink / raw)
  To: pgsql-pkg-yum

Hi, I have an issue to report with a config file shipped in the
pgbouncer package.

You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
/var/run/pgbouncer dir, but the permissions on that dir are too
restrictive -- 700 -- for any file to be read by any user except
pgbouncer and root. In my situation, for whatever reason my PHP
implementation can't read unix sockets in /tmp, and I would like to
install the socket to the /var/run dir since the pgbouncer user has
write permissions there. This is a very similar situation as the
postgresql conf file which creates the /var/run/postgresql dir. I
could manually change the directory permission myself, but it would be
overwritten the next time there's a bouncer update.

Thanks.

 -- Brandon J. Snider

^ permalink  raw  reply  [nested|flat] 5+ messages in thread

* Re: pgbouncer packaging issue
@ 2018-01-09 18:59  Peter Eisentraut <[email protected]>
  parent: Brandon Snider <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Peter Eisentraut @ 2018-01-09 18:59 UTC (permalink / raw)
  To: Brandon Snider <[email protected]>; pgsql-pkg-yum

On 1/9/18 13:47, Brandon Snider wrote:
> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
> /var/run/pgbouncer dir, but the permissions on that dir are too
> restrictive -- 700 -- for any file to be read by any user except
> pgbouncer and root. In my situation, for whatever reason my PHP
> implementation can't read unix sockets in /tmp,

That might need further explanation.

> and I would like to
> install the socket to the /var/run dir since the pgbouncer user has
> write permissions there. This is a very similar situation as the
> postgresql conf file which creates the /var/run/postgresql dir. I
> could manually change the directory permission myself, but it would be
> overwritten the next time there's a bouncer update.

Depending on the operating system, you should put the socket into /tmp
or /var/run/postgresql, because that's where a PostgreSQL client would
expect it.  The client isn't supposed to know that it's connecting to
pgbouncer instead.  So /var/run/pgbouncer is in any case not a
designated place for a Unix-domain socket.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services




^ permalink  raw  reply  [nested|flat] 5+ messages in thread

* Re: pgbouncer packaging issue
@ 2018-01-09 21:11  Christoph Berg <[email protected]>
  parent: Peter Eisentraut <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Christoph Berg @ 2018-01-09 21:11 UTC (permalink / raw)
  To: [email protected]; Peter Eisentraut <[email protected]>; Brandon Snider <[email protected]>; pgsql-pkg-yum

Am 9. Januar 2018 19:59:04 MEZ schrieb Peter Eisentraut <[email protected]>:
>On 1/9/18 13:47, Brandon Snider wrote:
>> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
>> /var/run/pgbouncer dir, but the permissions on that dir are too
>> restrictive -- 700 -- for any file to be read by any user except
>> pgbouncer and root. In my situation, for whatever reason my PHP
>> implementation can't read unix sockets in /tmp,
>
>That might need further explanation.

That's likely systemd at work. By default, each process gets its own /tmp bind-mounted.






^ permalink  raw  reply  [nested|flat] 5+ messages in thread

* Re: pgbouncer packaging issue
@ 2018-01-10 14:56  Peter Eisentraut <[email protected]>
  parent: Christoph Berg <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Peter Eisentraut @ 2018-01-10 14:56 UTC (permalink / raw)
  To: Christoph Berg <[email protected]>; [email protected]; Brandon Snider <[email protected]>; pgsql-pkg-yum

On 1/9/18 16:11, Christoph Berg wrote:
> Am 9. Januar 2018 19:59:04 MEZ schrieb Peter Eisentraut <[email protected]>:
>> On 1/9/18 13:47, Brandon Snider wrote:
>>> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
>>> /var/run/pgbouncer dir, but the permissions on that dir are too
>>> restrictive -- 700 -- for any file to be read by any user except
>>> pgbouncer and root. In my situation, for whatever reason my PHP
>>> implementation can't read unix sockets in /tmp,
>>
>> That might need further explanation.
> 
> That's likely systemd at work. By default, each process gets its own /tmp bind-mounted.

Right.  After further off-list discussion, the actual bug here is that
pgbouncer should puts its socket into /var/run/postgresql, which is the
standard location on that platform.  But that doesn't work because
pgbouncer runs under a separate user and doesn't have permission there.
This has been previously reported on this list.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services




^ permalink  raw  reply  [nested|flat] 5+ messages in thread

* Re: pgbouncer packaging issue
@ 2018-01-28 13:06  Devrim Gündüz <[email protected]>
  parent: Peter Eisentraut <[email protected]>
  0 siblings, 0 replies; 5+ messages in thread

From: Devrim Gündüz @ 2018-01-28 13:06 UTC (permalink / raw)
  To: Peter Eisentraut <[email protected]>; Christoph Berg <[email protected]>; [email protected]; Brandon Snider <[email protected]>; pgsql-pkg-yum


Hi,

On Wed, 2018-01-10 at 09:56 -0500, Peter Eisentraut wrote:
> Right.  After further off-list discussion, the actual bug here is that
> pgbouncer should puts its socket into /var/run/postgresql, which is the
> standard location on that platform.  But that doesn't work because
> pgbouncer runs under a separate user and doesn't have permission there.
> This has been previously reported on this list.

This bites me a lot, too. I'll read you previous email(s) about this, and see
what I can do.

Regards,
-- 
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

Attachments:

  [application/pgp-signature] signature.asc (833B, 2-signature.asc)
  download

^ permalink  raw  reply  [nested|flat] 5+ messages in thread

end of thread, other threads:[~2018-01-28 13:06 UTC | newest]

Thread overview: 5+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2018-01-09 18:47 pgbouncer packaging issue Brandon Snider <[email protected]>
2018-01-09 18:59 ` Peter Eisentraut <[email protected]>
2018-01-09 21:11   ` Christoph Berg <[email protected]>
2018-01-10 14:56     ` Peter Eisentraut <[email protected]>
2018-01-28 13:06       ` Devrim Gündüz <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox