Обсуждение: separating PG binaries into a ro mounted partition

 Hi,
~
 I would like to separate all PG binaries from the created data for
tables, indexes (which could be written and updated to) and also from
the log files created by PG. Idealy I would like to  be able to reset
those directories at run-time through environment variables and even
run PG from a CD-ROM
~
 So I will need to include those a-la {$DATA_DIR} in conf files and
previously set them in an initial script
~
 I know I will have to install PG from source, but I guess there is a
lot more I don't know about the installation procedures found in the
/postgresql-8.2.5/INSTALL notes, my ./configure stat should be like
this:
~

PG_INSTALL_DIR=<>
RM_DIR=<>

./configure
--prefix=$PG_INSTALL_DIR
--without-readline
--without-docdir
--mandir=$RM_DIR

rm $RM_DIR
~
 I am planning to use the read-only mount feature and the append-only
attributes of the ext3 file system under Linux
~
 Which other conf files will I have to tinker with?
~
 Are there any best practices using these ideas for the installation of PG?
~
 Thanks
 lbrtchx

What are you trying to acheive by making the binaries read-only?

All the config files reside in the data directory so there shoudl be a problem making /usr/local/postgres/bin (or whatever you choose to install the binaries) to be a read-only mounted partition. The other option (which is far easier) would be to set the binaries immutable. As root, run this:
    chattr +i /use/local/postgres/bin/*

That way only root can remove the immutable flag so they can be changed - if it's a security issue behind your desire to do this then it doesn't matter that root can do that versus your suggestion as root would be able to just remount the partition rw:
    mount -o remount,rw /usr/local/postgres

If you can advise why you want them to be read-only then we can make better suggestions.

Cheers,
~p

THINK BEFORE YOU PRINT - Save paper if you don't really need to print this e-mail.

*******************Confidentiality and Privilege Notice*******************

The material contained in this message is privileged and confidential to the addressee. If you are not the addressee indicated in this message or responsible for delivery of the message to such person, you may not copy or deliver this message to anyone, and you should destroy it and kindly notify the sender by reply email.

Information in this message that does not relate to the official business of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall not be liable for direct, indirect or consequential loss arising from transmission of this message or any attachments

> Phillip Smith <phillip.smith@weatherbeeta.com.au> wrote:
> What are you trying to acheive by making the binaries read-only?
~
 * convinience: If I have PG on a baseline Linux distro running from a
USB stick or CD (or a mini-DVD) and I go around with my micro drive, I
could just sit anywhere they have a PC with a USB port or CD-player
and an available USB/or firewire port for my micro device.
~
 This is why I need to also be able to configure the mount point my
PGDATA will be in. I have done that before with mysql and it works
just fine, but PG is more appealing for me because it has features I
need and it is more committed to java.
~
 * security: I could go anywhere knowing that as long as I
mount/configure PG and other apps I have, such as tomcat, as read-only
it is impossibly hard for people to alter my files even though they
could tinker with the BIOS and RAM
~
 Also config files could stay where they be, because they
don't/shouldn't change as PG runs. I only need to put in a separate
writable (&/|| updatable) and appendable filesystem areas all other
data
~
 So, what are the installation options to acheive what I specified in the OP?
~
 thanks
 lbrtchx

Did you go through this?

http://www.postgresql.org/docs/8.2/static/install-procedure.html


--
Usama Munir Dar http://www.linkedin.com/in/usamadar
Consultant Architect
Cell:+92 321 5020666
Skype: usamadar