Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Amol Inamdar <amol(dot)aai(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)
Date: 2025-07-14 12:20:14
Message-ID: 13e3100fc7c7d14919c37943dcfd76b263cecce2.camel@cybertec.at
Lists: pgsql-general

On Mon, 2025-07-14 at 11:19 +0530, Amol Inamdar wrote:
> I'm currently running PostgreSQL version 16.6 inside a Docker container
> (base image: UBI 9), using Docker Compose. The PostgreSQL data directory
> is mounted from an NFS volume hosted on a z/OS NFS server.
>
> The environment has a few constraints:
>
> - It’s a highly secure and access-controlled setup.
> - Due to platform restrictions on z/OS, the mounted NFS directory cannot
>   be owned by the PostgreSQL user (e.g., `postgres`) inside the container.
> - As a result, PostgreSQL fails to start because of the directory
>   ownership validation check.

It is not a good idea to have a mount point be the data directory.
The proper solution is to create the data directory inside the
mount point. That way, the permissions of the data directory don't
have to be the same as the permissions of the mount point.

Yours,
Laurenz Albe
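
An added example, not part of the original message or of PostgreSQL's code: a pre-flight check that mirrors the two startup conditions PostgreSQL enforces on the data directory (owned by the user the server runs as, mode no wider than 0750) and also flags a data directory that is itself a mount point. The function names and the `pgdata` subdirectory name are hypothetical, the temporary directory stands in for the NFS mount, and it assumes the server user is allowed to create a subdirectory it owns inside the mount.

```python
import os
import stat
import tempfile

# Bits PostgreSQL rejects on the data directory: group write and any
# access for others (anything beyond 0750).
FORBIDDEN_MODE_BITS = stat.S_IWGRP | stat.S_IRWXO


def data_dir_problems(path, uid=None):
    """Return reasons why `path` is unsuitable as a data directory for `uid`."""
    uid = os.geteuid() if uid is None else uid
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]
    problems = []
    if os.path.ismount(path):
        problems.append("is a mount point; use a subdirectory of it instead")
    if st.st_uid != uid:
        problems.append(f"wrong ownership: owned by uid {st.st_uid}, server runs as uid {uid}")
    if st.st_mode & FORBIDDEN_MODE_BITS:
        problems.append(f"invalid permissions {stat.S_IMODE(st.st_mode):04o}; expected 0700 or 0750")
    return problems


def create_data_dir(mount_point, name="pgdata"):
    """Create `name` (hypothetical default) inside `mount_point` with mode 0700."""
    path = os.path.join(mount_point, name)
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)  # makedirs applies the umask and skips existing dirs
    return path


if __name__ == "__main__":
    # Constructed stand-in for the NFS mount point: a temporary directory.
    with tempfile.TemporaryDirectory() as fake_mount:
        pgdata = create_data_dir(fake_mount)
        print(pgdata, data_dir_problems(pgdata) or "ok")
        print("/", data_dir_problems("/"))
```

On a real NFS export, run the check as the container's PostgreSQL user: if the server maps or squashes user IDs, the ownership finding shows up here rather than as a failed server start.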
