Search Postgresql Archives

Re: Is it OK to create a directory in PGDATA dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 19, 2017 at 5:32 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
On 10/19/2017 1:25 PM, Tomas Vondra wrote:
Is it fine to create a subdir inside PGDATA and store our stuff
there, or will PG freak out seeing a foreign object.

PostgreSQL certainly does not check if there are unknown directories in
the data directory, and it will not crash and burn. But it causes all
sorts of problems, and it increases the probability of human error.


most importantly, ONLY the postgres system process should have access to the pgdata directory, it should have permissions 700.   your apps should be running as a different user, and that user won't have access to said PGDATA.

Untrusted languages in the server, and superuser use of COPY, count as "applications" that are going to be running under the postgres user as far as the O/S is concerned.

​I do agree that external applications should communicate with the server via a session and not by mutual knowledge of a filesystem location.

I too would recommend not conflating system-related data that belongs in PGDATA and application-related data that should reside outside of that location.

​D
​avid J.​


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux