From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com> |
Subject: | Re: fsync bug faq for publication? |
Date: | 2015-05-26 06:09:54 |
Message-ID: | CABUevEyyLKq3i2YT+wqEUg=ang9h8CSG0F_OpZWrY4mzU1eqCg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On May 26, 2015 07:31, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Josh Berkus <josh(at)agliodbs(dot)com> writes:
> > We need to get a notice out to our users who might update their servers
> > and get stuck behind the fsync bug. As such, I've prepared a FAQ.
> > Please read, correct and improve this FAQ so that it's fit for us to
> > announce to users as soon as possible:
>
> > https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug
>
> Judging by Ross Boylan's report at
>
http://www.postgresql.org/message-id/F1F13E14A610474196571953929C02096D0E97@ex08.net.ucsf.edu
> it's not sufficient to just recommend "changing permissions" on the
> problematic files. It's not entirely clear from here whether there is a
> solution that both allows fsync on referenced files and keeps OpenSSL
> happy; but if there is, it probably requires making the cert files be
> owned by the postgres user, as well as adjusting their permissions to
> be 0640 or thereabouts. I'm worried about whether that breaks other
> services using the same cert files.
>
It almost certainly will.
I think the recommendation has to be that if it's a symlink, it should be
replaced with a copy of the file, and that copy be chown and chmod the
right way.
/Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2015-05-26 06:39:34 | Re: Supporting TAP tests with MSVC and Windows |
Previous Message | Tom Lane | 2015-05-26 05:31:23 | Re: fsync bug faq for publication? |