Обсуждение: postgresql question
Hello:
I am running Postgres version 7.4.13 on a Linux CentOS box with kernel version 2.6.9-67.0.7
I have a process running under a user ( "merlin" ) that needs access to the data base ( to calculate the DB size ). I have added the "merlin" user as a member of the postgres group, and changed the file group permissions ( I.E. /var/lib/pgsql/data/base ) to 750 from 700. this allows the "merlin" user's process to access the DB files. However - and this is the problem - after changing the file permissions, the Postmaster won't start. The indication is that it does'nt know where to find the database system data. I provide a path ( using the -D option ), and then the indication is that it can not read the permission of the directory /var/lib/pgsql/data/base/171142. If I do nothing other than remove the file permissions ( change back to 700 from 750 ), the Postmaster starts just as it should. Why does the Postmaster not start with the group permissions changed? Is this a bug? What can I do?
TIA
Dennis
I am running Postgres version 7.4.13 on a Linux CentOS box with kernel version 2.6.9-67.0.7
I have a process running under a user ( "merlin" ) that needs access to the data base ( to calculate the DB size ). I have added the "merlin" user as a member of the postgres group, and changed the file group permissions ( I.E. /var/lib/pgsql/data/base ) to 750 from 700. this allows the "merlin" user's process to access the DB files. However - and this is the problem - after changing the file permissions, the Postmaster won't start. The indication is that it does'nt know where to find the database system data. I provide a path ( using the -D option ), and then the indication is that it can not read the permission of the directory /var/lib/pgsql/data/base/171142. If I do nothing other than remove the file permissions ( change back to 700 from 750 ), the Postmaster starts just as it should. Why does the Postmaster not start with the group permissions changed? Is this a bug? What can I do?
TIA
Dennis
Dennis Hoffman <dennis.hoffman@seagate.com> wrote: > If I do nothing other than remove the file permissions ( change > back to 700 from 750 ), the Postmaster starts just as it should. > Why does the Postmaster not start with the group permissions > changed? That's intentional, as a security measure. > Is this a bug? It is considered a feature. > What can I do? I'd be tempted to write a script which was owned by root which calculated the size as desired, and grant sudo rights to merlin to execute that particular script as the user with rights. -Kevin
"Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes: > Dennis Hoffman <dennis.hoffman@seagate.com> wrote: >> What can I do? > I'd be tempted to write a script which was owned by root which > calculated the size as desired, and grant sudo rights to merlin to > execute that particular script as the user with rights. Seems like a postgres-owned script would be safer. But actually I'd suggest using contrib/dbsize rather than doing any of this. Those functions got integrated into the core eventually, but in 7.4 they're in contrib. (Ob-comment-you-do-realize-how-obsolete-7.4-is-dont-you) regards, tom lane