Thread: [pgsql-pkg-yum] pgbouncer socket directory
The postgresql packages are configured with a socket directory /var/run/postgresql, but pgbouncer is configured with /tmp. Those should probably be the same, so that clients can connect to either one. But /var/run/postgresql is 0755 postgres:postgres, so pgbouncer can't write there. How is this supposed to work? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Hi Peter, On Wed, 2017-04-26 at 08:47 -0400, Peter Eisentraut wrote: > The postgresql packages are configured with a socket directory > /var/run/postgresql, but pgbouncer is configured with /tmp. Hmm, I think I forgot to patch that part -- we create /var/run/pgbouncer, and expect socket file there. > Those should probably be the same, so that clients can connect to either > one. I pass -h /tmp to psql to make this work. I see your point, though. > But /var/run/postgresql is 0755 postgres:postgres, so pgbouncer can't > write there. How is this supposed to work? No idea. Anyone else? Regards, -- Devrim Gündüz EnterpriseDB: http://www.enterprisedb.com PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR
Attachment
On 4/27/17 06:30, Devrim Gündüz wrote: >> But /var/run/postgresql is 0755 postgres:postgres, so pgbouncer can't >> write there. How is this supposed to work? > > No idea. Anyone else? On Debian, there is no separate pgbouncer user and it runs as "postgres". Alternatively, add pgbouncer to the postgres group and change the permissions to 0775. (Or just change them to 0777 and forget the rest.) -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Hi Peter, On Thu, 2017-04-27 at 12:00 -0400, Peter Eisentraut wrote: > On Debian, there is no separate pgbouncer user and it runs as "postgres". If my memory serves well, there was a community request about switching from postgres to pgbouncer user in the past, and that was the reason why we switched to that one. > Alternatively, add pgbouncer to the postgres group and change the > permissions to 0775. > > (Or just change them to 0777 and forget the rest.) Will 0777 be secure? Regards, -- Devrim Gündüz EnterpriseDB: http://www.enterprisedb.com PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR
Attachment
On 4/28/17 06:59, Devrim Gündüz wrote: >> Alternatively, add pgbouncer to the postgres group and change the >> permissions to 0775. >> >> (Or just change them to 0777 and forget the rest.) > > Will 0777 be secure? That depends on what the security requirements are here. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services