Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Amol Inamdar <amol(dot)aai(at)gmail(dot)com>
Cc: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: 2025-07-14 12:44:19
Message-ID: 0b3fb11184bf9ce6516ed1aa08af5dddc924f21c.camel@cybertec.at
Lists: pgsql-general

On Mon, 2025-07-14 at 17:59 +0530, Amol Inamdar wrote:
> If I am not mistaken, below is my understanding of your suggestion.
>
> Suppose that my mount point on the NFS server is say /nfs-mount/postgres/
> and you are suggesting to have a data directory as say /nfs-mount/postgres/db or something like that?
> and assign this value to the PGDATA?
>
> If that is the case, then when and who should be creating the directory DB?
>
> Please correct me if I am wrong about the understanding.

You understood me perfectly well.

The data directory can either be created by "initdb", in which case
the mount point must allow the PostgreSQL user to create a directory.
You could set the group of the mount point to the group of the
PostgreSQL user and use permissions 1770, which should be perfectly safe.

Alternatively, the root user could create the data directory with the
correct ownership and permissions prior to running "initdb".

Yours,
Laurenz Albe
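
Added example, not part of the original message: a preflight check for the two options described above, assuming GNU coreutils `stat`. The function names and the three script arguments are hypothetical; the 0700/0750 rule is the data directory permission check the PostgreSQL server applies at startup, and the 1770 check applies only to the option where "initdb" creates the directory.

```sh
#!/bin/sh
# Added example: preflight checks for the layout discussed in this message.
# Assumes GNU coreutils stat(1). Numeric ids are compared so the result
# does not depend on how names are mapped on the NFS client.

# check_mount_point DIR GID
# For the "initdb creates the directory" option: the mount point must belong
# to the PostgreSQL user's group and have mode 1770 (rwx for owner and group,
# nothing for others, sticky bit set).
check_mount_point() {
    dir=$1; want_gid=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    mode=$(stat -c '%a' "$dir"); gid=$(stat -c '%g' "$dir")
    [ "$mode" = 1770 ] || { echo "FAIL: $dir has mode $mode, want 1770"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "FAIL: $dir has gid $gid, want $want_gid"; rc=1; }
    return "$rc"
}

# check_data_dir DIR UID
# The data directory must be owned by the user that starts the server and
# have mode 0700 or 0750. An absent directory is fine when initdb creates it.
check_data_dir() {
    dir=$1; want_uid=$2; rc=0
    [ -e "$dir" ] || { echo "NOTE: $dir is absent, initdb has to create it"; return 0; }
    [ -d "$dir" ] || { echo "FAIL: $dir exists but is not a directory"; return 1; }
    mode=$(stat -c '%a' "$dir"); uid=$(stat -c '%u' "$dir")
    [ "$uid" = "$want_uid" ] || { echo "FAIL: $dir has uid $uid, want $want_uid"; rc=1; }
    case $mode in
        700|750) ;;
        *) echo "FAIL: $dir has mode $mode, want 700 or 750"; rc=1 ;;
    esac
    return "$rc"
}

# Usage (placeholders): preflight.sh MOUNT_POINT DATA_DIR OS_USER
if [ "$#" -eq 3 ]; then
    check_mount_point "$1" "$(id -g "$3")" && check_data_dir "$2" "$(id -u "$3")"
fi
```

When the root user creates the data directory in advance, only `check_data_dir` is relevant, since the mount point then does not need to be writable by the PostgreSQL user.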
