| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Is it OK to create a directory in PGDATA dir |
| Date: | 2017-10-20 00:42:05 |
| Message-ID: | CAKFQuwbkYSpeA2AgHoMwfTmay+u0O98vDtKyqdERuV-45HFUFg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Oct 19, 2017 at 5:32 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:
> On 10/19/2017 1:25 PM, Tomas Vondra wrote:
>
> Is it fine to create a subdir inside PGDATA and store our stuff
> there, or will PG freak out seeing a foreign object.
>
>
> PostgreSQL certainly does not check if there are unknown directories in
> the data directory, and it will not crash and burn. But it causes all
> sorts of problems, and it increases the probability of human error.
>
>
> most importantly, ONLY the postgres system process should have access to
> the pgdata directory, it should have permissions 700. your apps should be
> running as a different user, and that user won't have access to said PGDATA.
>
Untrusted languages in the server, and superuser use of COPY, count as
"applications" that are going to be running under the postgres user as far
as the O/S is concerned.
I do agree that external applications should communicate with the server
via a session and not by mutual knowledge of a filesystem location.
I too would recommend not conflating system-related data that belongs in
PGDATA and application-related data that should reside outside of that
location.
D
avid J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Brusselback | 2017-10-20 03:14:29 | Re: Alternative to pgAdmin Postgres Manager that support pgagent (jobs) |
| Previous Message | John R Pierce | 2017-10-20 00:32:11 | Re: Is it OK to create a directory in PGDATA dir |