Melvyn Sopacua <mdev@idg.nl> writes:
> 1) Postgres requires me to have 'su' in the chrooted env
Postgres itself doesn't use su. Surely you can figure out a way to
run a program as non-root inside the chroot area (login, maybe)?
There's nothing that says you have to use that particular start script.
> 2) Postgres makes a shell call to the 'cp' command when creating new databases.
Yup. Live with it, or reimplement recursive cp in CREATE DATABASE.
Don't forget 'rm' too for DROP DATABASE. I don't really see the point
though; why shouldn't cp/rm be available inside the chroot playpen?
> -- Does anybody run PostgreSQL chrooted and so, how?
I'm pretty sure uunet is running multiple Postgreses chrooted to
different places on the same system.
However, I wonder if you aren't adopting a MySQL-driven worldview
in assuming that you need to do this in the first place. Since Postgres
doesn't run as root, and doesn't expose any filesystem access capability
to non-superusers, the need to put it in a chroot playpen seems much
less to me.
regards, tom lane