/var/lib/pgsql 0755 - Justin Pryzby

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Justin Pryzby <[email protected]>
To: Devrim Gündüz <[email protected]>
Cc: [email protected]
Subject: /var/lib/pgsql 0755
Date: Thu, 27 May 2021 13:03:53 -0500
Message-ID: <[email protected]> (raw)

Hi,

Postgres requires that the data dir is restricted:
2021-05-27 13:39:44.002 EDT [23409] FATAL:  data directory "/var/lib/pgsql/pgsql14.jtp" has invalid permissions
2021-05-27 13:39:44.002 EDT [23409] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).

But the server package creates /v/l/pgsql as mode 700, and rpm resets the perms
on every installation.

[pryzbyj@database ~]$ rpm -qvl postgresql14-server-14-beta1_3PGDG.rhel7.x86_64 |grep var/lib
drwx------    2 postgrespostgres                    0 May 21 06:18 /var/lib/pgsql
drwx------    2 postgrespostgres                    0 May 21 06:18 /var/lib/pgsql/14
drwx------    2 postgrespostgres                    0 May 21 06:18 /var/lib/pgsql/14/backups
drwx------    2 postgrespostgres                    0 May 21 06:18 /var/lib/pgsql/14/data

That seems unnecessarily restrictive, since I might put something like logs
underneath there, and I'd prefer to be able to look for them, tab complete
them, maybe even look *at* them, depending on log_file_mode, and the
permissions that *I* set on the subdir.  I might just want to "ls"/tab complete
to know which version dir to use.  In my deployment script, I go to the effort
to set it back to 00755 for convenience.

Maybe the mode 700 stuff is leftover from old packages which didn't include a
version ?  Either in the package name or as a subdir.

There's not many base pakages which do this:
rpm -qlav |grep '^drwx.*root *root' |grep -v ^drwxr-xr-x |awk -F/ '!/audit|firewall|tmp|lvm/ && NF<5'

Would you consider setting at least /v/l/p to mode 755?  And maybe the version
subdirs (like 14) too.

-- 
Justin

view thread (4+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: /var/lib/pgsql 0755
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox