Re: Add socket dir to pg_config..? - Mailing list pgsql-hackers

From Cédric Villemain
Subject Re: Add socket dir to pg_config..?
Date
Msg-id CAF6yO=0ACZZneuUHAGypPwZQZK_jcaUN+aNxMqSo9Ch1F2OZjg@mail.gmail.com
Whole thread Raw
In response to Re: Add socket dir to pg_config..?  (Martijn van Oosterhout <kleptog@svana.org>)
List pgsql-hackers
2011/10/30 Martijn van Oosterhout <kleptog@svana.org>:
> On Sat, Oct 29, 2011 at 08:28:57PM +0000, Mr. Aaron W. Swenson wrote:
>> > If /tmp is the only decent place where to put the socket file on Unix
>> > when security and other concerns are considered, then sure, making
>> > distro life difficult is a good thing to do. But then let's take it to
>> > the FHS that debian and ubuntu are implementing, AFAIUI.
>
>> In Gentoo, we change the socket directory to /var/run/postgresql via
>> pg_config_manual.h. However, I'm not too terribly interested in pg_config
>> outputting the directory location.
>
> Frankly, I'm not seeing the difference between the socket directory and
> the "listen_addresses" option. When connecting you can specify the
> socket directory to use via the "host" option.
>
> It might even be more logical to be able to specify multiple
> directories. Given we support multiple listen sockets I can't imagine
> it would require much code.
>
> (And yes, just today I ran into the issue of hardcoded paths. If the
> directory it points to is not world writable then you've limited the
> users who can run the postgres server. Which is an unnecessary
> restriction imho).
>

For Debian, the reason is :

Description: Put server Unix sockets into /var/run/postgresql/ by default
Forwarded: No, Debian specific configuration with postgresql-common

Using /tmp for sockets allows everyone to spoof a PostgreSQL server. Thus use
/var/run/postgresql/ for "system" clusters which run as 'postgres' (user
clusters will still use /tmp). Since system cluster are by far the common case,
set it as default.




--
Cédric Villemain +33 (0)6 20 30 22 52
http://2ndQuadrant.fr/
PostgreSQL: Support 24x7 - Développement, Expertise et Formation


pgsql-hackers by date:

Previous
From: Jun Ishiduka
Date:
Subject: Re: Online base backup from the hot-standby
Next
From: Fujii Masao
Date:
Subject: Re: unite recovery.conf and postgresql.conf