Re: could not stat promote trigger file leads to shutdown

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: could not stat promote trigger file leads to shutdown
Date: 2019-11-14 15:38:30
Message-ID: 22295.1573745910@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> I have seen the error
> could not stat promote trigger file "...": Permission denied
> because of a misconfiguration (for example, setting promote_trigger_file
> to point into a directory to which you don't have appropriate read or
> execute access).

> The problem is that because this happens in the startup process, the
> ERROR is turned into a FATAL and the whole instance shuts down. That
> seems like a harsh penalty. Would it be better to turn this ERROR into
> a WARNING?

It is harsh, but I suspect if we just logged the complaint, we'd get
bug reports about "Postgres isn't reacting to my trigger file",
because people don't read the postmaster log unless forced to.
Is there some more-visible way to report the problem, short of
shutting down?

(BTW, from this perspective, WARNING is especially bad because it
might not get logged at all. Better to use LOG.)

One thought is to try to detect the misconfiguration at postmaster
start --- better to fail at startup than sometime later. But I'm
not sure how reliably we could do that.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Martin Liška 2019-11-14 15:52:05 Re: segfault in geqo on experimental gcc animal
Previous Message Jonathan S. Katz 2019-11-14 15:07:03 Re: 2019-11-14 Press Release Draft