| From: | Priancka Chatz <pc9926(at)gmail(dot)com> |
|---|---|
| To: | Imran Khan <imran(dot)k(dot)23(at)gmail(dot)com> |
| Cc: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Unknown temp directories and library files |
| Date: | 2024-10-12 10:05:57 |
| Message-ID: | CANnOdgYMJiRjQU1-Jaqo3vp4LY7O3rmxMLq=e5M=GzdryCDNOg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
It is not pgsql_tmp but a directory two level before the postgres data
directory. I tried deleting the files but they reappear in about 10 mins or
so, so it is not a sysadmin leftover. I am suspecting it is something that
probably is assisting with some tools maybe: there is Patroni ,pgqd, wal-g
running and some of these require python. However, I am still not sure why
they exist and what is creating it.
Regards,
Priyanka
On Fri, Oct 11, 2024 at 11:01 PM Imran Khan <imran(dot)k(dot)23(at)gmail(dot)com> wrote:
> In that case involving OS admin make sense.
>
> On Fri, Oct 11, 2024, 11:51 PM Jeff Janes <jeff(dot)janes(at)gmail(dot)com> wrote:
>
>>
>>
>> On Fri, Oct 11, 2024 at 4:16 PM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
>> wrote:
>>
>>> On Fri, 2024-10-11 at 15:47 +0200, Priancka Chatz wrote:
>>> > On Fri, Oct 11, 2024 at 3:09 PM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
>>> wrote:
>>> > > On Thu, 2024-10-10 at 12:22 +0200, Priancka Chatz wrote:
>>> > > > I am observing a new/unknown behavior on some of my instances. My
>>> postgres Data
>>> > > > directory path is /home/postgres/pgdata/pgroot/data. And I see a
>>> temp directory
>>> > > > present inside /home/postgres/pgdata which has 100s of directory
>>> underneath it
>>> > > > and inside each directory some library files related to Psycopg2.
>>> Not sure what
>>> > > > these files are and why it is getting created. I am attaching
>>> screenshots for reference.
>>> > > > Can anyone shed some light or direct me to any links to
>>> troubleshoot this?
>>> > >
>>> > > I'd say somebody broke into your database and is abusing it for his
>>> purposes.
>>> > >
>>> > > If that proves true, rescue what you can of the data and start with
>>> a new
>>> > > installation, preferably with better security.
>>>
>>> I have no conclusive proof for abuse, but a library has no business in
>>> "pgsql_tmp".
>>> That looks very much like somebody guessed your superuser password and
>>> is hijacking
>>> the operating system account.
>>>
>>
>> But he didn't say they were in pgsql_tmp, just that they were in some
>> temp directory apparently 3 or 4 levels higher in the directory tree than
>> where I would expect pgsql_tmp to be. To me this looks like some cruft left
>> over from some sysadmin running the python package manager, perhaps while
>> logged in as the wrong user. (Although I suppose that running a package
>> manager as the wrong user is also something a hacker might try to do...)
>>
>> Cheers,
>>
>> Jeff
>>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sabyasachi Mukherjee | 2024-10-13 06:24:04 | Loading data from one table to another |
| Previous Message | Imran Khan | 2024-10-11 21:01:43 | Re: Unknown temp directories and library files |