Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-17 Thread Ron Johnson
On Wed, Jul 16, 2025 at 8:42 PM Greg Sabino Mullane wrote: > On Wed, Jul 16, 2025 at 9:25 AM Amol Inamdar wrote: > >> >>1. NFS mount point is for /nfs-mount/postgres (and permissions locked >>down so that Postgres cannot create directories in here) >>2. Postgres data directory is /nf

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Tom Lane
Amol Inamdar writes: > @Laurenz Albe >> If you pre-create the data directory with the appropriate permissions, >> what keeps you from giving ownership to the correct user too? > Our NFS server is not a regular linux based server, > it's on zOS (Mainframes) with AT-TLS security enabled, > hence i

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Amol Inamdar
@Laurenz Albe If you pre-create the data directory with the appropriate permissions, what keeps you from giving ownership to the correct user too? Our NFS server is not a regular Linux-based server, it's on zOS (Mainframes) with AT-TLS security enabled, hence it doesn't allow changing of ownershi

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Greg Sabino Mullane
On Wed, Jul 16, 2025 at 9:25 AM Amol Inamdar wrote: > >1. NFS mount point is for /nfs-mount/postgres (and permissions locked >down so that Postgres cannot create directories in here) >2. Postgres data directory is /nfs-mount/postgres/db >3. > >With secured NFS + AT-TLS setup P

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Laurenz Albe
On Wed, 2025-07-16 at 18:54 +0530, Amol Inamdar wrote: > I would like to rephrase the question a little bit, below is how our setup > going to be  >    1. NFS mount point is for /nfs-mount/postgres (and permissions locked down > so > that Postgres cannot create directories in here) >    2.

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Ron Johnson
Quoting Tom's earlier email: "(But I too *would not use Postgres-over-NFS for any critical data*. Too many moving parts. It's tough enough to ensure crash safety with local storage.)" You're going through a lot of security effort to implement a Worst Practice. On Wed, Jul 16, 2025 at 9:25 AM Amo

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-16 Thread Amol Inamdar
Hi All, I would like to rephrase the question a little bit, below is how our setup is going to be 1. NFS mount point is for /nfs-mount/postgres (and permissions locked down so that Postgres cannot create directories in here) 2. Postgres data directory is /nfs-mount/postgres/db 3. Wit

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-15 Thread Amol Inamdar
Thanks Tom and Laurenz for the explanation. Let me try out a few things and get back to you if needed. Thanks, Amol On Mon, Jul 14, 2025 at 7:37 PM Tom Lane wrote: > Laurenz Albe writes: > > It is not a good idea to have a mount point be the data directory. > > ^^^ This. ^^^ > > That is primar

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-15 Thread Amol Inamdar
Thanks Laurenz. On Mon, Jul 14, 2025 at 8:11 PM Laurenz Albe wrote: > On Mon, 2025-07-14 at 18:32 +0530, Amol Inamdar wrote: > > > The data directory can either be created by "initdb", in which case > > > the mount point must allow the PostgreSQL user to create a directory. > > > You could set t

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Laurenz Albe
On Mon, 2025-07-14 at 14:30 -0400, Tom Lane wrote: > (I have a vague idea that there are system-level security hazards, > not specific to Postgres, if mount-point directories are publicly > writable.  Don't feel like researching that though.) Well, if you are using an ext? file system, there is a

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Tom Lane
Benjamin Wang writes: > I am not sure whether PostgreSQL depends on system call `fsyncdata` to > sync data to disk. If yes, then I don't think it's safe to use NFS. Well, that's a whole other discussion. The point about mount directories applies to any sort of dismountable storage. (But I too

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread David G. Johnston
On Mon, Jul 14, 2025 at 12:02 PM Benjamin Wang wrote: > I am not sure whether PostgreSQL depends on system call `fsyncdata` to > sync data to disk. > https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-WAL-SYNC-METHOD David J.

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Benjamin Wang
I am not sure whether PostgreSQL depends on system call `fsyncdata` to sync data to disk. If yes, then I don't think it's safe to use NFS. When `fsyncdata` returns success, it doesn't mean the data has really been synced to disk. But if PostgreSQL crashes right after it returns success to clients.

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Tom Lane
"Peter J. Holzer" writes: > On 2025-07-14 10:07:20 -0400, Tom Lane wrote: >> That is primarily for safety reasons: if for some reason the >> filesystem gets dismounted, or hasn't come on-line yet during >> a reboot, you do not want Postgres to be able to write on the >> underlying mount-point dire

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Peter J. Holzer
On 2025-07-14 10:07:20 -0400, Tom Lane wrote: > Laurenz Albe writes: > > It is not a good idea to have a mount point be the data directory. > > ^^^ This. ^^^ > > That is primarily for safety reasons: if for some reason the > filesystem gets dismounted, or hasn't come on-line yet during > a reboo

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Laurenz Albe
On Mon, 2025-07-14 at 18:32 +0530, Amol Inamdar wrote: > > The data directory can either be created by "initdb", in which case > > the mount point must allow the PostgreSQL user to create a directory. > > You could set the group of the mount point to the group of the > > PostgreSQL user and use per

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Tom Lane
Laurenz Albe writes: > It is not a good idea to have a mount point be the data directory. ^^^ This. ^^^ That is primarily for safety reasons: if for some reason the filesystem gets dismounted, or hasn't come on-line yet during a reboot, you do not want Postgres to be able to write on the underly

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Amol Inamdar
Thanks Laurenz, The data directory can either be created by "initdb", in which case the mount point must allow the PostgreSQL user to create a directory. You could set the group of the mount point to the group of the PostgreSQL user and use permissions 1770, which should be perfectly safe. This e

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Amol Inamdar
Hi Laurenz Thanks for the reply, If I am not mistaken, below is my understanding of your suggestion. Suppose that my mount point on the NFS server is say /nfs-mount/postgres/ and you are suggesting to have a data directory as say /nfs-mount/postgres/db or something like that? and assign this va

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Laurenz Albe
On Mon, 2025-07-14 at 17:59 +0530, Amol Inamdar wrote: > If I am not mistaken, below is my understanding of your suggestion.  > > Suppose that My mount point on the NFS server is say /nfs-mount/postgres/  > and you are suggesting to have a data directory as say /nfs-mount/postgres/db > or somethi

Re: Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Laurenz Albe
On Mon, 2025-07-14 at 11:19 +0530, Amol Inamdar wrote: > I'm currently running PostgreSQL version 16.6 inside a Docker container > (base image: UBI 9), using Docker Compose. The PostgreSQL data directory > is mounted from an NFS volume hosted on a z/OS NFS server. > > The environment has a few con

Bypassing Directory Ownership Check in PostgreSQL 16.6 with Secure z/OS NFS (AT-TLS)

2025-07-14 Thread Amol Inamdar
Dear PostgreSQL Community, I'm currently running PostgreSQL version 16.6 inside a Docker container (base image: UBI 9), using Docker Compose. The PostgreSQL data directory is mounted from an NFS volume hosted on a z/OS NFS server. The environment has a few constraints: - The NFS server runs on z