Re: danger of stats_temp_directory = /dev/shm
| От | Andrew Dunstan |
|---|---|
| Тема | Re: danger of stats_temp_directory = /dev/shm |
| Дата | |
| Msg-id | 51795655.9060508@dunslane.net обсуждение исходный текст |
| Ответ на | Re: danger of stats_temp_directory = /dev/shm (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
On 04/25/2013 11:24 AM, Peter Eisentraut wrote: > On 4/25/13 12:09 AM, Tom Lane wrote: >> I think we need it fixed to reject any stats_temp_directory that is not >> postgres-owned with restrictive permissions. The problem here is not >> with what it deletes, it's with the insanely insecure configuration. > Yeah, the requirements should be similar to what initdb requires for > PGDATA and pg_xlog. > > Right. I do think that best practice suggests using a dedicated ram drive rather than /dev/shm. Here's an fstab entry I have used at one client's site: tmpfs /var/lib/pgsql/stats_tmp tmpfs size=5G,uid=postgres,gid=postgres 0 0 I guess if we put in the sort of restrictions being suggested above I'd add a mode argument to the mount options. (This drive might seem large, but total RAM on this machine is 512Gb.) cheers andrew
В списке pgsql-hackers по дате отправления: