Re: fsync bug faq for publication?

<p dir="ltr"><br /> On May 26, 2015 07:31, "Tom Lane" <<a href="mailto:tgl@sss.pgh.pa.us">tgl@sss.pgh.pa.us</a>>
wrote:<br/> ><br /> > Josh Berkus <<a href="mailto:josh@agliodbs.com">josh@agliodbs.com</a>> writes:<br />
>> We need to get a notice out to our users who might update their servers<br /> > > and get stuck behind
thefsync bug.  As such, I've prepared a FAQ.<br /> > > Please read, correct and improve this FAQ so that it's fit
forus to<br /> > > announce to users as soon as possible:<br /> ><br /> > > <a
href="https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug">https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug</a><br
/>><br /> > Judging by Ross Boylan's report at<br /> > <a
href="http://www.postgresql.org/message-id/F1F13E14A610474196571953929C02096D0E97@ex08.net.ucsf.edu">http://www.postgresql.org/message-id/F1F13E14A610474196571953929C02096D0E97@ex08.net.ucsf.edu</a><br
/>> it's not sufficient to just recommend "changing permissions" on the<br /> > problematic files.  It's not
entirelyclear from here whether there is a<br /> > solution that both allows fsync on referenced files and keeps
OpenSSL<br/> > happy; but if there is, it probably requires making the cert files be<br /> > owned by the
postgresuser, as well as adjusting their permissions to<br /> > be 0640 or thereabouts.  I'm worried about whether
thatbreaks other<br /> > services using the same cert files.<br /> ><p dir="ltr">It almost certainly will. <p
dir="ltr">Ithink the recommendation has to be that if it's a symlink, it should be replaced with a copy of the file,
andthat copy be chown and chmod the right way. <p dir="ltr">/Magnus