Thread: pgbouncer packaging issue
Hi,

I have an issue to report with a config file shipped in the pgbouncer package.

You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the /var/run/pgbouncer dir, but the permissions on that dir are too restrictive -- 700 -- for any file to be read by any user except pgbouncer and root. In my situation, for whatever reason my PHP implementation can't read unix sockets in /tmp, and I would like to install the socket to the /var/run dir since the pgbouncer user has write permissions there. This is a very similar situation as the postgresql conf file which creates the /var/run/postgresql dir. I could manually change the directory permission myself, but it would be overwritten the next time there's a bouncer update.

Thanks.

-- 
Brandon J. Snider

On 1/9/18 13:47, Brandon Snider wrote:
> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
> /var/run/pgbouncer dir, but the permissions on that dir are too
> restrictive -- 700 -- for any file to be read by any user except
> pgbouncer and root. In my situation, for whatever reason my PHP
> implementation can't read unix sockets in /tmp,

That might need further explanation.

> and I would like to
> install the socket to the /var/run dir since the pgbouncer user has
> write permissions there. This is a very similar situation as the
> postgresql conf file which creates the /var/run/postgresql dir. I
> could manually change the directory permission myself, but it would be
> overwritten the next time there's a bouncer update.

Depending on the operating system, you should put the socket into /tmp or /var/run/postgresql, because that's where a PostgreSQL client would expect it. The client isn't supposed to know that it's connecting to pgbouncer instead. So /var/run/pgbouncer is in any case not a designated place for a Unix-domain socket.

-- 
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

On 9 January 2018 19:59:04 CET, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>On 1/9/18 13:47, Brandon Snider wrote:
>> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
>> /var/run/pgbouncer dir, but the permissions on that dir are too
>> restrictive -- 700 -- for any file to be read by any user except
>> pgbouncer and root. In my situation, for whatever reason my PHP
>> implementation can't read unix sockets in /tmp,
>
>That might need further explanation.

That's likely systemd at work. By default, each process gets its own /tmp bind-mounted.

On 1/9/18 16:11, Christoph Berg wrote:
> On 9 January 2018 19:59:04 CET, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
>> On 1/9/18 13:47, Brandon Snider wrote:
>>> You're installing /usr/lib/tmpfiles.d/pgbouncer.conf to create the
>>> /var/run/pgbouncer dir, but the permissions on that dir are too
>>> restrictive -- 700 -- for any file to be read by any user except
>>> pgbouncer and root. In my situation, for whatever reason my PHP
>>> implementation can't read unix sockets in /tmp,
>>
>> That might need further explanation.
>
> That's likely systemd at work. By default, each process gets its own /tmp bind-mounted.

Right. After further off-list discussion, the actual bug here is that pgbouncer should put its socket into /var/run/postgresql, which is the standard location on that platform. But that doesn't work because pgbouncer runs under a separate user and doesn't have permission there. This has been previously reported on this list.

-- 
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Hi,

On Wed, 2018-01-10 at 09:56 -0500, Peter Eisentraut wrote:
> Right. After further off-list discussion, the actual bug here is that
> pgbouncer should put its socket into /var/run/postgresql, which is the
> standard location on that platform. But that doesn't work because
> pgbouncer runs under a separate user and doesn't have permission there.
> This has been previously reported on this list.

This bites me a lot, too. I'll read your previous email(s) about this, and see what I can do.

Regards,
-- 
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz, @DevrimGunduzTR
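
Added example, not part of the thread or of the pgbouncer packaging: a permission check over tmpfiles.d directory entries that shows both problems discussed above, a 700 /var/run/pgbouncer that client users cannot traverse and a pgbouncer user that cannot create a socket in /var/run/postgresql. The sample lines, the owners and groups, the 0755 mode and the `apache` client user are assumptions; only the 700 mode comes from the thread.

```python
# Added example: who can use a socket directory created by a tmpfiles.d entry?
# Constructed sample entries. Only the 700 mode of /var/run/pgbouncer comes from
# the thread; owners, groups and the 0755 postgresql mode are assumptions.
SAMPLE_TMPFILES = """\
# Type Path                Mode User      Group     Age
d      /var/run/pgbouncer  0700 pgbouncer pgbouncer -
d      /var/run/postgresql 0755 postgres  postgres  -
"""


def parse_tmpfiles(text):
    """Return {path: (mode, owner, group)} for directory entries (type d/D)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0][0] not in "dD":
            continue  # comments, blank lines, other entry types
        # "-" selects the tmpfiles.d default mode, 0755 for directories
        mode = 0o755 if fields[2] == "-" else int(fields[2].lstrip("~"), 8)
        entries[fields[1]] = (mode, fields[3], fields[4])
    return entries


def _perm_bits(entry, user, groups):
    """Pick the rwx triplet that applies: owner, then group, then other."""
    mode, owner, group = entry
    if user == owner:
        return (mode >> 6) & 7
    if group in groups:
        return (mode >> 3) & 7
    return mode & 7


def can_connect_through(entry, user, groups=()):
    """Connecting to a socket needs search (x) permission on its directory."""
    return user == "root" or bool(_perm_bits(entry, user, groups) & 1)


def can_create_socket(entry, user, groups=()):
    """bind() creates the socket file: needs write and search (w+x)."""
    return user == "root" or _perm_bits(entry, user, groups) & 3 == 3


if __name__ == "__main__":
    dirs = parse_tmpfiles(SAMPLE_TMPFILES)
    for path, entry in dirs.items():  # "apache" is an assumed PHP client user
        print(path, "apache can connect:", can_connect_through(entry, "apache"),
              "| pgbouncer can bind:", can_create_socket(entry, "pgbouncer"))
```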