On Fri, Jan 21, 2011 at 1:00 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Fujii Masao <masao.fujii@gmail.com> writes:
>> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>>> I'm not sure why that's the right solution. Why do you think that we should
>>>> not create the tablespace under the $PGDATA directory? I'm not surprised
>>>> that people mounts the filesystem on $PGDATA/mnt and creates the
>>>> tablespace on it.
>
>>> No? Usually, having a mount point in a non-root-owned directory is
>>> considered a Bad Thing.
>
>> Hmm.. but ISTM we can have a root-owned mount point in $PGDATA
>> and create a tablespace there.
>
> Nonsense. The more general statement is that it's a security hole
> unless the mount point *and everything above it* is root owned.
Probably true. But we cannot create a tablespace for root-owned directory.
The directory must be owned by the PostgreSQL system user. So ISTM that
you says that creating a tablespace on a mount point itself is a security hole.
> In the case you sketch, there would be nothing to stop the (non root)
> postgres user from renaming $PGDATA/mnt to something else and then
> inserting his own trojan-horse directories.
Hmm.. can non-root postgres user really rename the root-owned directory
while it's being mounted?
> Moreover, I see no positive *good* reason to do it. There isn't
> anyplace under $PGDATA that users should be randomly creating
> directories, much less mount points.
When taking a base backup, you don't need to take a backup of tablespaces
separately from that of $PGDATA. You have only to take a backup of $PGDATA.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center