Thread: [GENERAL] Is it OK to create a directory in PGDATA dir
In the container world, sometime the only persistent storage path (that is, storage outside container world) is PGDATA. Is it fine to create a subdir inside PGDATA and store our stuff there, or will PG freak out seeing a foreign object. thanks -- Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
Hi, On 10/19/2017 09:58 PM, rakeshkumar464 wrote: > In the container world, sometime the only persistent storage path > (that is, storage outside container world) is PGDATA.> I don't want to be the "You're doing it wrong!" guy, but you're doing it wrong. If a container only gives you a single persistent storage path, then don't use it as PGDATA directly, but create PGDATA as one of the directories in that path. And create a directory for other stuff next to it, not in the data directory. > > Is it fine to create a subdir inside PGDATA and store our stuff > there, or will PG freak out seeing a foreign object. > PostgreSQL certainly does not check if there are unknown directories in the data directory, and it will not crash and burn. But it causes all sorts of problems, and it increases the probability of human error. regards -- Tomas Vondra http://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
On 10/19/2017 1:25 PM, Tomas Vondra wrote:
+1
That will also pave the way for an upgrade in the future, where you might need another directory for data, e.g. PGDATA-10, PGDATA-11, etc.
On 10/19/2017 09:58 PM, rakeshkumar464 wrote:In the container world, sometime the only persistent storage path (that is, storage outside container world) is PGDATA.>I don't want to be the "You're doing it wrong!" guy, but you're doing it wrong. If a container only gives you a single persistent storage path, then don't use it as PGDATA directly, but create PGDATA as one of the directories in that path. And create a directory for other stuff next to it, not in the data directory.
+1
That will also pave the way for an upgrade in the future, where you might need another directory for data, e.g. PGDATA-10, PGDATA-11, etc.
Igal Sapir
Lucee Core Developer
Lucee.org
Hey I am not the container guy. I agree with you 100%. -- Sent from: http://www.postgresql-archive.org/PostgreSQL-general-f1843780.html -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
On 10/19/2017 1:25 PM, Tomas Vondra wrote:
Is it fine to create a subdir inside PGDATA and store our stuff there, or will PG freak out seeing a foreign object.PostgreSQL certainly does not check if there are unknown directories in the data directory, and it will not crash and burn. But it causes all sorts of problems, and it increases the probability of human error.
most importantly, ONLY the postgres system process should have access to the pgdata directory, it should have permissions 700. your apps should be running as a different user, and that user won't have access to said PGDATA.
-- john r pierce, recycling bits in santa cruz
On 10/19/2017 1:25 PM, Tomas Vondra wrote:Is it fine to create a subdir inside PGDATA and store our stuff there, or will PG freak out seeing a foreign object.PostgreSQL certainly does not check if there are unknown directories in the data directory, and it will not crash and burn. But it causes all sorts of problems, and it increases the probability of human error.
most importantly, ONLY the postgres system process should have access to the pgdata directory, it should have permissions 700. your apps should be running as a different user, and that user won't have access to said PGDATA.
Untrusted languages in the server, and superuser use of COPY, count as "applications" that are going to be running under the postgres user as far as the O/S is concerned.
I do agree that external applications should communicate with the server via a session and not by mutual knowledge of a filesystem location.
I too would recommend not conflating system-related data that belongs in PGDATA and application-related data that should reside outside of that location.
David J.