Re: Postgres and chroot

Melvyn Sopacua <mdev@idg.nl> writes:
> 1) Postgres requires me to have 'su' in the chrooted env

Postgres itself doesn't use su.  Surely you can figure out a way to
run a program as non-root inside the chroot area (login, maybe)?
There's nothing that says you have to use that particular start script.

> 2) Postgres makes a shell call to the 'cp' command when creating new databases.

Yup.  Live with it, or reimplement recursive cp in CREATE DATABASE.
Don't forget 'rm' too for DROP DATABASE.  I don't really see the point
though; why shouldn't cp/rm be available inside the chroot playpen?

> -- Does anybody run PostgreSQL chrooted and so, how?

I'm pretty sure uunet is running multiple Postgreses chrooted to
different places on the same system.

However, I wonder if you aren't adopting a MySQL-driven worldview
in assuming that you need to do this in the first place.  Since Postgres
doesn't run as root, and doesn't expose any filesystem access capability
to non-superusers, the need to put it in a chroot playpen seems much
less to me.

            regards, tom lane