On 2015-05-25 14:02:28 -0400, Tom Lane wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > I've not followed this thread all that closely, but I do tend to agree
> > with the idea of "only try to mess with files that are *clearly* ours to
> > mess with."
>
> Well, that opens us to errors of omission, ie failing to fsync things we
> should have.
Is that really that likely? I mean we don't normally add data to the top
level directory itself, and subdirectories hopefully won't be added
except via initdb?
> Maybe that's an okay risk, but personally I'd judge that
> "fsync everything and ignore (some?) errors" is probably a more robust
> approach over time.
The over-the-top approach would be to combine the two. Error out in
directories that are in the initdb list, and ignore permission errors
otherwise...
Additionally we could attempt to fsync with a readonly fd before trying
the read-write fd...
