Thread: [HACKERS] Add doc advice about systemd RemoveIPC
Here is a patch to add some information about the systemd RemoveIPC issue to the documentation, sort of in the spirit of the OOM discussion nearby. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Attachment
On Wed, Dec 28, 2016 at 4:34 AM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
Here is a patch to add some information about the systemd RemoveIPC
issue to the documentation, sort of in the spirit of the OOM discussion
nearby.
I wonder if I missed part of the discussions around this, so maybe my understanding of the cases where this occurs is wrong, but isn't it the case of pretty much all (or actually) all the packaged versions of postgresql out there (debian, redhat etc) that they do the right thing, as in that they create "postgres" as a system user?
I like the text in general, but if the above is true, then I think we should put a note at the beginning of it with something along the line (not using those words) of "if you have installed postgresql using packages, the packager should have taken care of this already"? So as not to scare people unnecessarily?
On 30 December 2016 at 16:59, Magnus Hagander <magnus@hagander.net> wrote: > On Wed, Dec 28, 2016 at 4:34 AM, Peter Eisentraut > <peter.eisentraut@2ndquadrant.com> wrote: >> >> Here is a patch to add some information about the systemd RemoveIPC >> issue to the documentation, sort of in the spirit of the OOM discussion >> nearby. > > > I wonder if I missed part of the discussions around this, so maybe my > understanding of the cases where this occurs is wrong, but isn't it the case > of pretty much all (or actually) all the packaged versions of postgresql out > there (debian, redhat etc) that they do the right thing, as in that they > create "postgres" as a system user? Yes. The postgres docs do tend to ignore the reality of most actual postgres users, though, and talk as if you installed it from source code under your own user account. I see people bewildered by this regularly, since we have no discussion at all of common things like "sudo -u postgres psql" on default packaged installs. Sure, there are many platforms, but still. > I like the text in general, but if the above is true, then I think we should > put a note at the beginning of it with something along the line (not using > those words) of "if you have installed postgresql using packages, the > packager should have taken care of this already"? So as not to scare people > unnecessarily? You need to have not only installed it with packages, but be running it under the package-provided postgres user account. This is not always the case. I see installs from packages that are then manually initdb'd in /srv/wtf/why all the time, sadly, and often launched by manual pg_ctl invocations under surprising user accounts. "If you have installed postgres from distribution or postgresql.org-provided packages and use the scripts or commands provided by the packages to start and stop PostgreSQL, this issue is unlikely to affect you." ? -- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
On 12/30/16 3:59 AM, Magnus Hagander wrote: > I wonder if I missed part of the discussions around this, so maybe my > understanding of the cases where this occurs is wrong, but isn't it the > case of pretty much all (or actually) all the packaged versions of > postgresql out there (debian, redhat etc) that they do the right thing, > as in that they create "postgres" as a system user? If you install a package but the user already exists, then the package will just use that user. So just using a package is not a guarantee that everything will be alright. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
On Sat, Dec 31, 2016 at 6:30 AM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
-- On 12/30/16 3:59 AM, Magnus Hagander wrote:
> I wonder if I missed part of the discussions around this, so maybe my
> understanding of the cases where this occurs is wrong, but isn't it the
> case of pretty much all (or actually) all the packaged versions of
> postgresql out there (debian, redhat etc) that they do the right thing,
> as in that they create "postgres" as a system user?
If you install a package but the user already exists, then the package
will just use that user. So just using a package is not a guarantee
that everything will be alright.
Good point.
I still think that some wording in the direction of the fact that the majority of all users won't actually have this problem is the right thing to do (regardless of our previous history in the area as pointed out by Craig)
Magnus Hagander <magnus@hagander.net> writes:
> I still think that some wording in the direction of the fact that the
> majority of all users won't actually have this problem is the right thing
> to do (regardless of our previous history in the area as pointed out by
> Craig)
+1. The use-a-system-user solution is the one that's in place on the
ground for most current PG users on affected platforms. We should explain
that one first and make clear that platform-specific packages attempt to
set it up that way for you. The RemoveIPC technique should be documented
as a fallback to be used if you can't/won't use a system userid.
regards, tom lane
On 12/31/16 11:43 AM, Tom Lane wrote: > Magnus Hagander <magnus@hagander.net> writes: >> I still think that some wording in the direction of the fact that the >> majority of all users won't actually have this problem is the right thing >> to do (regardless of our previous history in the area as pointed out by >> Craig) > > +1. The use-a-system-user solution is the one that's in place on the > ground for most current PG users on affected platforms. We should explain > that one first and make clear that platform-specific packages attempt to > set it up that way for you. The RemoveIPC technique should be documented > as a fallback to be used if you can't/won't use a system userid. How about this version, which shifts the emphasis a bit, as suggested? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Attachment
On Fri, Feb 10, 2017 at 10:36 PM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
On 12/31/16 11:43 AM, Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> I still think that some wording in the direction of the fact that the
>> majority of all users won't actually have this problem is the right thing
>> to do (regardless of our previous history in the area as pointed out by
>> Craig)
>
> +1. The use-a-system-user solution is the one that's in place on the
> ground for most current PG users on affected platforms. We should explain
> that one first and make clear that platform-specific packages attempt to
> set it up that way for you. The RemoveIPC technique should be documented
> as a fallback to be used if you can't/won't use a system userid.
How about this version, which shifts the emphasis a bit, as suggested?
Looks much better.
+ <para>
+ If <productname>systemd</productname> is in use, some care must be taken
+ that IPC resources (shared memory and semaphores) are not prematurely
+ removed by the operating system. This is especially of concern when
+ installing PostgreSQL from source. Users of distribution packages of
+ PostgreSQL are less likely to be affected.
+ </para>
I would add "are less likely to be affected as the postgres user is normally created as a system user" or something like that -- to indicate *why* they are less likely to be affected (and it also tells people that if they change the user, then they might become affected again).
On 2/14/17 11:49 AM, Magnus Hagander wrote: > + <para> > + If <productname>systemd</productname> is in use, some care must be > taken > + that IPC resources (shared memory and semaphores) are not prematurely > + removed by the operating system. This is especially of concern when > + installing PostgreSQL from source. Users of distribution packages of > + PostgreSQL are less likely to be affected. > + </para> > > I would add "are less likely to be affected as the postgres user is > normally created as a system user" or something like that -- to indicate > *why* they are less likely to be affected (and it also tells people that > if they change the user, then they might become affected again). Committed with that addition, thanks! -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services