| From: | Devrim Gündüz <devrim(at)gunduz(dot)org> |
|---|---|
| To: | James Laska <jal233(at)gmail(dot)com> |
| Cc: | pgsql-pkg-yum(at)postgresql(dot)org |
| Subject: | Re: EL7 and Apache private /tmp/ directories |
| Date: | 2015-05-12 19:59:48 |
| Message-ID: | 1431460788.4314.13.camel@gunduz.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-yum |
Hi,
Thanks for the heads-up. New PostgreSQL minor releases are due next
week, and I'll queue this for that.
Regards, Devrim
On Thu, 2015-04-30 at 20:02 -0400, James Laska wrote:
> Greetings,
>
> In EL7 (RHEL+CentOS), as a security measure, Apache processes get a private
> /tmp/ directory [1]. As a result, this means that any Apache processes
> attempting to connect to postgresql using a domain socket will be unable to
> connect.
>
> EL7 (and Fedora) address this problem by updating the following setting in
> postgresql.conf [2]
>
> unix_socket_directories = '/var/run/postgresql, /tmp'
> >
>
> And by modifying DEFAULT_PGSOCKET_DIR in pg_config_manual.h [3].
>
> -#define DEFAULT_PGSOCKET_DIR "/tmp"
> > +#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql"
> >
>
> Can these changes be included in the EL7 RPMs provided at yum.postgresql.org
> ?
>
> Thanks,
> James
>
> [1] https://fedoraproject.org/wiki/Features/ServicesPrivateTmp
> [2] http://bugzilla.redhat.com/825448
> [3]
> http://pkgs.fedoraproject.org/cgit/postgresql.git/tree/postgresql-var-run-socket.patch
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim Gündüz | 2015-05-12 21:24:47 | Re: pgbouncer logrotate configuration |
| Previous Message | Martín Marqués | 2015-05-12 19:32:08 | New repmgr packages |