Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

Hi Laurenz

Thanks for the reply,

If I am not mistaken, below is my understanding of your suggestion.

Suppose that My mount point on the NFS server is say /nfs-mount/postgres/
and you are suggesting to have a data directory as say
/nfs-mount/postgres/db or something like that ?
and assign this value to the PGDATA ?

If that is the case, then when and who should be creating the directory DB
?

Please correct me if I am wrong about the understanding.

Thanks,
Amol

On Mon, Jul 14, 2025 at 5:50 PM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
wrote:

> On Mon, 2025-07-14 at 11:19 +0530, Amol Inamdar wrote:
> > I'm currently running PostgreSQL version 16.6 inside a Docker container
> > (base image: UBI 9), using Docker Compose. The PostgreSQL data directory
> > is mounted from an NFS volume hosted on a z/OS NFS server.
> >
> > The environment has a few constraints:
> >
> > - It’s a highly secure and access-controlled setup.
> > - Due to platform restrictions on z/OS, the mounted NFS directory cannot
> > be owned by the PostgreSQL user (e.g., `postgres`) inside the
> container.
> > - As a result, PostgreSQL fails to start because of the directory
> > ownership validation check.
>
> It is not a good idea to have a mount point be the data directory.
> The proper solution is to create the data directory inside the
> mount point. That way, the permissions of the data directory don't
> have to be the same as the permissions of the mount point.
>
> Yours,
> Laurenz Albe
>

--
-regards
Amol