Dear PostgreSQL Community,
I'm currently running PostgreSQL version 16.6 inside a Docker container
(base image: UBI 9), using Docker Compose. The PostgreSQL data directory
is mounted from an NFS volume hosted on a z/OS NFS server.
The environment has a few constraints:
- The NFS server runs on z/OS with AT-TLS enabled.
- It’s a highly secure and access-controlled setup.
- Due to platform restrictions on z/OS, the mounted NFS directory cannot
be owned by the PostgreSQL user (e.g., `postgres`) inside the container.
- As a result, PostgreSQL fails to start because of the directory
ownership validation check.
Given the secure nature of the NFS server, I’d like to ask:
1. Is there a supported or recommended way to bypass the ownership
check on the data directory?
2. What are the potential risks or implications of doing so in a secure
NFS environment?
3. I'm considering building a custom PostgreSQL image by modifying the
`miscinit.c` file—specifically, disabling the ownership check in the
`checkDataDir()` function. Is this a reasonable approach, and are
there any caveats or unintended side effects I should be aware of?
**Disclaimer**: The z/OS NFS server is secured using AT-TLS and enforces
strict access control policies. My intention is not to weaken
PostgreSQL’s security model, but to adapt to platform-specific
constraints while maintaining overall security integrity.
Any insights, experiences, or alternative suggestions would be greatly
appreciated.
Best regards,
Amol
