| From: | "Tsunakawa, Takayuki" <tsunakawa(dot)takay(at)jp(dot)fujitsu(dot)com> |
|---|---|
| To: | 'David Steele' <david(at)pgmasters(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Adam Brightwell <adam(dot)brightwell(at)crunchydata(dot)com> |
| Subject: | Re: PATCH: Configurable file mode mask |
| Date: | 2017-03-15 07:00:37 |
| Message-ID: | 0A3221C70F24FB45833433255569204D1F6B2B81@G01JPEXMBYT05 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
From: pgsql-hackers-owner(at)postgresql(dot)org
> [mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of David Steele
> > But it might be worth thinking about whether we want to encourage
> > people to do manual chmod's at all; that's fairly easy to get wrong,
> > particularly given the difference in X bits that should be applied to
> > files and directories. Another approach that could be worth
> > considering is a PGC_POSTMASTER GUC with just two states (group access
> > or not) and make it the postmaster's responsibility to do the
> > equivalent of chmod -R to make the file tree match the GUC. I think
> > we do a tree scan anyway for other purposes, so correcting any wrong
> > file permissions might not be much added work in the normal case.
>
> The majority of scanning is done in recovery (to find and remove unlogged
> tables) and I'm not sure we would want to add that overhead to normal startup.
I'm on David's side, too. I don't postmaster to always scan all files at startup.
On the other hand, just doing "chmod -R $PGDATA" is not enough, because chmod doesn't follow the symbolic links. Symbolic links are used for pg_tblspc/* and pg_wal at least. FYI, MySQL's manual describes the pithole like this:
https://dev.mysql.com/doc/refman/8.0/en/changing-mysql-user.html
----------------------------------------
2. Change the database directories and files so that user_name has privileges to read and write files in them (you might need to do this as the Unix root user):
shell> chown -R user_name /path/to/mysql/datadir
If you do not do this, the server will not be able to access databases or tables when it runs as user_name.
If directories or files within the MySQL data directory are symbolic links, chown -R might not follow symbolic links for you. If it does not, you will also need to follow those links and change the directories and files they point to.
----------------------------------------
I think we also need to describe the procedure carefully. That said, it would be best to make users aware of a configuration alternative (group access) with enough documentation when they first build the database or upgrade the database cluster. Just describing the alternative only in initdb reference page would result in being unaware of the better configuration, like --data-checksum.
Regards
Takayuki Tsunakawa
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tsunakawa, Takayuki | 2017-03-15 07:11:47 | Re: Defaulting psql to ON_ERROR_ROLLBACK=interactive |
| Previous Message | Amit Kapila | 2017-03-15 07:00:25 | Re: [COMMITTERS] pgsql: Fix cardinality estimates for parallel joins. |