| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Amol Inamdar <amol(dot)aai(at)gmail(dot)com> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) |
| Date: | 2025-07-17 05:14:33 |
| Message-ID: | 1344583.1752729273@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Amol Inamdar <amol(dot)aai(at)gmail(dot)com> writes:
> @Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
>> If you pre-create the data directory with the appropriate permissions,
>> what keeps you from giving ownership to the correct user too?
> Our NFS server is not a regular linux based server,
> it's on zOS (Mainframes) with AT-TLS security enabled,
> hence it doesn't allow changing of ownership.
Not only is that not a fit storage substrate for Postgres,
it's pretty hard to imagine that it's a fit substrate for
anything. "Every file on this filesystem must belong to the
same owner" is a concept that should have gone out with
floppy disks.
You need some extremely fundamental re-examination of your
design decisions. At the moment I am content to say that
Postgres does not support this storage mechanism and we
do not intend to do so in the future.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron Johnson | 2025-07-17 13:13:15 | Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS) |
| Previous Message | Lukas Fittl | 2025-07-17 05:06:04 | Re: query_id: jumble names of temp tables for better pg_stat_statement UX |