Re: pg_basebackup for streaming base backups - Mailing list pgsql-hackers

From Tom Lane
Subject Re: pg_basebackup for streaming base backups
Date
Msg-id 14753.1295539241@sss.pgh.pa.us
Whole thread Raw
In response to Re: pg_basebackup for streaming base backups  (Fujii Masao <masao.fujii@gmail.com>)
Responses Re: pg_basebackup for streaming base backups
List pgsql-hackers
Fujii Masao <masao.fujii@gmail.com> writes:
> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I'm not sure why that's the right solution. Why do you think that we should
>>> not create the tablespace under the $PGDATA directory? I'm not surprised
>>> that people mounts the filesystem on $PGDATA/mnt and creates the
>>> tablespace on it.

>> No? �Usually, having a mount point in a non-root-owned directory is
>> considered a Bad Thing.

> Hmm.. but ISTM we can have a root-owned mount point in $PGDATA
> and create a tablespace there.

Nonsense.  The more general statement is that it's a security hole
unless the mount point *and everything above it* is root owned.
In the case you sketch, there would be nothing to stop the (non root)
postgres user from renaming $PGDATA/mnt to something else and then
inserting his own trojan-horse directories.

Given that nobody except postgres and root could get to the mount point,
maybe there wouldn't be any really serious problems caused that way ---
but I still say that it's bad practice that no competent sysadmin would
accept.

Moreover, I see no positive *good* reason to do it.  There isn't
anyplace under $PGDATA that users should be randomly creating
directories, much less mount points.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: pg_basebackup for streaming base backups
Next
From: Tom Lane
Date:
Subject: Re: REVIEW: EXPLAIN and nfiltered