Re: pg_basebackup for streaming base backups

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_basebackup for streaming base backups
Date: 2011-01-20 16:00:41
Message-ID: 14753.1295539241@sss.pgh.pa.us
Lists: pgsql-hackers

Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> I'm not sure why that's the right solution. Why do you think that we should
>>> not create the tablespace under the $PGDATA directory? I'm not surprised
>>> that people mount the filesystem on $PGDATA/mnt and create the
>>> tablespace on it.

>> No? Usually, having a mount point in a non-root-owned directory is
>> considered a Bad Thing.

> Hmm.. but ISTM we can have a root-owned mount point in $PGDATA
> and create a tablespace there.

Nonsense. The more general statement is that it's a security hole
unless the mount point *and everything above it* is root owned.
In the case you sketch, there would be nothing to stop the (non-root)
postgres user from renaming $PGDATA/mnt to something else and then
inserting his own trojan-horse directories.

Given that nobody except postgres and root could get to the mount point,
maybe there wouldn't be any really serious problems caused that way ---
but I still say that it's bad practice that no competent sysadmin would
accept.

Moreover, I see no positive *good* reason to do it. There isn't
anyplace under $PGDATA that users should be randomly creating
directories, much less mount points.

regards, tom lane
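
An added example, not part of the message above or of PostgreSQL: a Python check of the rule the message states, that a mount point and every directory above it must be root-owned. The helper names, the sample paths and uid 26 are constructed for illustration, and the group/world-writable test goes beyond what the message says.

```python
import os
import stat
from collections import namedtuple


def ancestors(path):
    """Yield path, then each parent directory, ending with the root."""
    path = os.path.abspath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent


def audit_mount_path(mount_point, lstat=os.lstat):
    """Return [(directory, problem)] for each component that would let a
    non-root user rename or replace something on the way to mount_point."""
    findings = []
    for d in ancestors(mount_point):
        st = lstat(d)
        if stat.S_ISLNK(st.st_mode):
            findings.append((d, "symlink, target not audited"))
            continue
        if st.st_uid != 0:
            findings.append((d, "owned by uid %d, not root" % st.st_uid))
        # Beyond the message: group/other write permission without the
        # sticky bit also lets non-owners rename entries in a directory.
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if writable and not st.st_mode & stat.S_ISVTX:
            findings.append((d, "group/world-writable without sticky bit"))
    return findings


# Constructed sample metadata (hypothetical host; uid 26 stands in for postgres).
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv/pgdata": FakeStat(26, stat.S_IFDIR | 0o700),     # $PGDATA
    "/srv/pgdata/mnt": FakeStat(0, stat.S_IFDIR | 0o755),  # root-owned, inside $PGDATA
    "/mnt": FakeStat(0, stat.S_IFDIR | 0o755),
    "/mnt/pg_tblspc1": FakeStat(0, stat.S_IFDIR | 0o755),  # outside $PGDATA
}

if __name__ == "__main__":
    for mp in ("/srv/pgdata/mnt", "/mnt/pg_tblspc1"):
        print(mp, audit_mount_path(mp, SAMPLE.__getitem__) or "ok")
```

On a live system, call `audit_mount_path(path)` while the filesystem is unmounted, because once it is mounted `lstat` reports the owner of the mounted filesystem's root directory rather than of the underlying mount point.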
