Re: EL7 and Apache private /tmp/ directories

Hi,

Thanks for the heads-up. New PostgreSQL minor releases are due next
week, and I'll queue this for that.

Regards, Devrim

On Thu, 2015-04-30 at 20:02 -0400, James Laska wrote:
> Greetings,
>
> In EL7 (RHEL+CentOS), as a security measure, Apache processes get a private
> /tmp/ directory [1].  As a result, this means that any Apache processes
> attempting to connect to postgresql using a domain socket will be unable to
> connect.
>
> EL7 (and Fedora) address this problem by updating the following setting in
> postgresql.conf [2]
>
> unix_socket_directories = '/var/run/postgresql, /tmp'
> >
>
> And by modifying DEFAULT_PGSOCKET_DIR in pg_config_manual.h [3].
>
> -#define DEFAULT_PGSOCKET_DIR  "/tmp"
> > +#define DEFAULT_PGSOCKET_DIR  "/var/run/postgresql"
> >
>
> Can these changes be included in the EL7 RPMs provided at yum.postgresql.org
> ?
>
> Thanks,
> James
>
> [1] https://fedoraproject.org/wiki/Features/ServicesPrivateTmp
> [2] http://bugzilla.redhat.com/825448
> [3]
> http://pkgs.fedoraproject.org/cgit/postgresql.git/tree/postgresql-var-run-socket.patch


--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR