Re: Small correction in chown command to set the owner of the pgsql data dir correctly

"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> On Saturday, February 6, 2021, PG Doc comments form <noreply(at)postgresql(dot)org>
> wrote:
>> "root# mkdir /usr/local/pgsql
>> root# chown postgres /usr/local/pgsql
>> root# su postgres
>> postgres$ initdb -D /usr/local/pgsql/data"
>> If these steps are followed then it still fails to initialize the DB as
>> chown only gives ownership to the pgsql directory but not the child
>> directories under pgsql,

> If you follow those four steps exclusively then at the fourth step there
> are no child directories since step one created the pgsql directory and
> neither step two nor three created any other directories.

Yeah. The OP must have followed some other process in order to get to

>> fixing permissions on existing directory /usr/local/pgsql/data ... initdb:
>> error: could not change permissions of directory "/usr/local/pgsql/data":
>> Operation not permitted"

More to the point, it seems to me that recommending "chown -R" on the
*parent* directory is not merely unsafe but an actual security hole.
There are plenty of scenarios where the data directory's parent ought
not be owned by the postgres user, and any other child directories even
less so. An example is where the parent is a filesystem mount point.
(Admittedly, the manual does suggest adding an intermediate level
of postgres-owned directory in such a case, but lots of people don't
bother.)

If we're going to have people picking and choosing which parts of that
script they're going to follow exactly, having a step in it that's as
dangerous as "chown -R" just seems like a really bad idea.

regards, tom lane