Thread: Restarting, ownership, and permissions

Restarting, ownership, and permissions

From
"Aurangzeb M. Agha"
Date:
I run my Postgres DB on a virtual linux server where I don't have root.
I'm 'admin', by default, and have created a 'postgres' user to own the DB
dir.

My problem is that on occassion, my ISP restarts my server, stranding all
my processes.  While I have scripts to restart Apache and my Servlet
engine on reboot, I don't know how to get the Postgres DB up and running
again.  The main problem is that the dir is owned (postgres.postgres) and
chmod'd to 700, keeping anyone but the 'postgres' user from starting it
up.

I tried chownin'g the DB dir to postgres.admin, and chmodding to 770, but
when I tried to start the DB, I got a fatal error in the log indicating
that postgres must own the dir, and the permissions must be u=rwx.  What
can I do?

    Thanks,
    Zeb


Re: Restarting, ownership, and permissions

From
Doug McNaught
Date:
"Aurangzeb M. Agha" <ama-list@mltp.com> writes:

> I run my Postgres DB on a virtual linux server where I don't have root.
> I'm 'admin', by default, and have created a 'postgres' user to own the DB
> dir.
>
> My problem is that on occassion, my ISP restarts my server, stranding all
> my processes.  While I have scripts to restart Apache and my Servlet
> engine on reboot, I don't know how to get the Postgres DB up and running
> again.  The main problem is that the dir is owned (postgres.postgres) and
> chmod'd to 700, keeping anyone but the 'postgres' user from starting it
> up.
>
> I tried chownin'g the DB dir to postgres.admin, and chmodding to 770, but
> when I tried to start the DB, I got a fatal error in the log indicating
> that postgres must own the dir, and the permissions must be u=rwx.  What
> can I do?

You have several choices as I see it:

1) Have Postgres run as 'admin' (not ideal, but not horrible)
2) Manually log in as 'postgres' to start the server when necessary
3) Work with your ISP to find a clean solution--perhaps they can
   create a little setuid 'postgres' C program that runs the startup script

I recommend #3, personally.

-Doug

Re: Restarting, ownership, and permissions

From
Richard Huxton
Date:
On Tuesday 02 September 2003 21:51, Aurangzeb M. Agha wrote:
> I run my Postgres DB on a virtual linux server where I don't have root.
> I'm 'admin', by default, and have created a 'postgres' user to own the DB
> dir.
>
> My problem is that on occassion, my ISP restarts my server, stranding all
> my processes.  While I have scripts to restart Apache and my Servlet
> engine on reboot, I don't know how to get the Postgres DB up and running
> again.  The main problem is that the dir is owned (postgres.postgres) and
> chmod'd to 700, keeping anyone but the 'postgres' user from starting it
> up.
>
> I tried chownin'g the DB dir to postgres.admin, and chmodding to 770, but
> when I tried to start the DB, I got a fatal error in the log indicating
> that postgres must own the dir, and the permissions must be u=rwx.  What
> can I do?

Hmm - so you can't "su - postgres" because as "admin" you'll need a password.
Off the top of my head you could:

1. chmod PG's startup script, so it runs suid as postgres (chmod u+s)
2. Use ssh to login as user postgres on localhost and execute pg_ctl start
(you can setup ssh so it doesn't need a password)

Either of those should work, with a little effort.

--
  Richard Huxton
  Archonet Ltd

Re: Restarting, ownership, and permissions

From
"Nigel J. Andrews"
Date:
On Tue, 2 Sep 2003, Richard Huxton wrote:

> On Tuesday 02 September 2003 21:51, Aurangzeb M. Agha wrote:
> > I run my Postgres DB on a virtual linux server where I don't have root.
> > I'm 'admin', by default, and have created a 'postgres' user to own the DB
> > dir.
> >
> > My problem is that on occassion, my ISP restarts my server, stranding all
> > my processes.  While I have scripts to restart Apache and my Servlet
> > engine on reboot, I don't know how to get the Postgres DB up and running
> > again.  The main problem is that the dir is owned (postgres.postgres) and
> > chmod'd to 700, keeping anyone but the 'postgres' user from starting it
> > up.
> >
> > I tried chownin'g the DB dir to postgres.admin, and chmodding to 770, but
> > when I tried to start the DB, I got a fatal error in the log indicating
> > that postgres must own the dir, and the permissions must be u=rwx.  What
> > can I do?
>
> Hmm - so you can't "su - postgres" because as "admin" you'll need a password.
> Off the top of my head you could:
>
> 1. chmod PG's startup script, so it runs suid as postgres (chmod u+s)
> 2. Use ssh to login as user postgres on localhost and execute pg_ctl start
> (you can setup ssh so it doesn't need a password)
>
> Either of those should work, with a little effort.

But not without root access or logging in as postgres :)

I would suggest that if you can't get your ISP to install the startup script
where is should be (/etc/init.d/ and the appropiate symbolic link) then don't
use the postgres user for your database.

Presumably as admin you can administer users. So create a new user, say
postgres2. Initialise a data directory:

$  initdb -D ~postgres2/data

as that new user. Then when you need to you can at least start the db manually
by logging in as postgres2, which you are able to do since you have control
over that user.


--
Nigel J. Andrews


Re: Restarting, ownership, and permissions

From
Adrian Phillips
Date:
>>>>> "Richard" == Richard Huxton <dev@archonet.com> writes:

    Richard> Hmm - so you can't "su - postgres" because as "admin"
    Richard> you'll need a password.  Off the top of my head you
    Richard> could:

One possibility given ssh access to the machine, from admin :-

  ssh postgres@localhost <command>

making sure that admin can ssh to postgres without a password or
passphrase,

Sincerely,

Adrian Phillips

--
Who really wrote the works of William Shakespeare ?
http://www.pbs.org/wgbh/pages/frontline/shakespeare/