Fujii Masao <masao.fujii@gmail.com> writes:
> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I'm not sure why that's the right solution. Why do you think that we should
>>> not create the tablespace under the $PGDATA directory? I'm not surprised
>>> that people mounts the filesystem on $PGDATA/mnt and creates the
>>> tablespace on it.
>> No? �Usually, having a mount point in a non-root-owned directory is
>> considered a Bad Thing.
> Hmm.. but ISTM we can have a root-owned mount point in $PGDATA
> and create a tablespace there.
Nonsense. The more general statement is that it's a security hole
unless the mount point *and everything above it* is root owned.
In the case you sketch, there would be nothing to stop the (non root)
postgres user from renaming $PGDATA/mnt to something else and then
inserting his own trojan-horse directories.
Given that nobody except postgres and root could get to the mount point,
maybe there wouldn't be any really serious problems caused that way ---
but I still say that it's bad practice that no competent sysadmin would
accept.
Moreover, I see no positive *good* reason to do it. There isn't
anyplace under $PGDATA that users should be randomly creating
directories, much less mount points.
regards, tom lane
