Josh Berkus <josh@agliodbs.com> writes:
> We need to get a notice out to our users who might update their servers
> and get stuck behind the fsync bug. As such, I've prepared a FAQ.
> Please read, correct and improve this FAQ so that it's fit for us to
> announce to users as soon as possible:
> https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug
Judging by Ross Boylan's report at
http://www.postgresql.org/message-id/F1F13E14A610474196571953929C02096D0E97@ex08.net.ucsf.edu
it's not sufficient to just recommend "changing permissions" on the
problematic files. It's not entirely clear from here whether there is a
solution that both allows fsync on referenced files and keeps OpenSSL
happy; but if there is, it probably requires making the cert files be
owned by the postgres user, as well as adjusting their permissions to
be 0640 or thereabouts. I'm worried about whether that breaks other
services using the same cert files.
regards, tom lane