Обсуждение: postmaster -D PGDATA and postmaster.pid
Hi,
I am configuring a PG 8.1.9 on CentOS 5. I am seeing some anomalies and would like you feedback.
I have defined a new PGDATA=/qmsvol/pg_8.1.9/data, ran initdb -D /qmsvol/pg_8.1.9/data successfully and can start the engine with pg_ctl -D $PGDATA.
I have also populated /etc/sysconfig/pgsql/postgresql which overrides PGDATA and PGLOG to my values.
However if I try to start the engine with "/etc/init.d/postgresql start " or service postgresql start" I see the following error message in my PGLOG (ie /var/log/pgsql/pgstartup.log)
postmaster cannot access the server configuration file "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
ls -ld /qmsvol /qmsvol/pg_8.1.9 /qmsvol/pg_8.1.9/data /qmsvol/pg_8.1.9/data/postgresql.conf
drwxrwxrwx 4 root root 4096 Nov 26 10:39 /qmsvol
drwx------ 3 postgres postgres 4096 Nov 26 11:25 /qmsvol/pg_8.1.9
drwx------ 11 postgres postgres 4096 Nov 26 12:04 /qmsvol/pg_8.1.9/data
-rw------- 1 postgres postgres 13699 Nov 26 11:25 /qmsvol/pg_8.1.9/data/postgresql.conf
Any ideas ?
Thanks
medi
I am configuring a PG 8.1.9 on CentOS 5. I am seeing some anomalies and would like you feedback.
I have defined a new PGDATA=/qmsvol/pg_8.1.9/data, ran initdb -D /qmsvol/pg_8.1.9/data successfully and can start the engine with pg_ctl -D $PGDATA.
I have also populated /etc/sysconfig/pgsql/postgresql which overrides PGDATA and PGLOG to my values.
However if I try to start the engine with "/etc/init.d/postgresql start " or service postgresql start" I see the following error message in my PGLOG (ie /var/log/pgsql/pgstartup.log)
postmaster cannot access the server configuration file "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
ls -ld /qmsvol /qmsvol/pg_8.1.9 /qmsvol/pg_8.1.9/data /qmsvol/pg_8.1.9/data/postgresql.conf
drwxrwxrwx 4 root root 4096 Nov 26 10:39 /qmsvol
drwx------ 3 postgres postgres 4096 Nov 26 11:25 /qmsvol/pg_8.1.9
drwx------ 11 postgres postgres 4096 Nov 26 12:04 /qmsvol/pg_8.1.9/data
-rw------- 1 postgres postgres 13699 Nov 26 11:25 /qmsvol/pg_8.1.9/data/postgresql.conf
Any ideas ?
Thanks
medi
"Medi Montaseri" <montaseri@gmail.com> writes: > However if I try to start the engine with "/etc/init.d/postgresql start " or > service postgresql start" I see the following error message in my PGLOG (ie > /var/log/pgsql/pgstartup.log) > postmaster cannot access the server configuration file > "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied This being CentOS (ie RHEL), you probably have got SELinux turned on by default. The out-of-the-box SELinux policy forbids the postmaster daemon from accessing portions of the filesystem other than /var/lib/pgsql. You can either disable SELinux or fix its policy to allow PG to access the area where you want to put PGDATA. I don't really recommend the former, at least not for a system that has any exposure at all to the open Internet. However, I don't have a recipe for fixing the latter in my hip pocket, either. (Really need to go study SELinux someday.) regards, tom lane
Thanks Tom..that did the magic....
Would I allow PG to start from any -D place by saying
semange fcontext -a -t postgresql_db_t "/qmsvol(/.*)?"
Thanks
Medi
Would I allow PG to start from any -D place by saying
semange fcontext -a -t postgresql_db_t "/qmsvol(/.*)?"
Thanks
Medi
On Nov 26, 2007 7:48 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
"Medi Montaseri" <montaseri@gmail.com> writes:This being CentOS (ie RHEL), you probably have got SELinux turned on
> However if I try to start the engine with "/etc/init.d/postgresql start " or
> service postgresql start" I see the following error message in my PGLOG (ie
> /var/log/pgsql/pgstartup.log)
> postmaster cannot access the server configuration file
> "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
by default. The out-of-the-box SELinux policy forbids the postmaster
daemon from accessing portions of the filesystem other than
/var/lib/pgsql.
You can either disable SELinux or fix its policy to allow PG to access
the area where you want to put PGDATA. I don't really recommend the
former, at least not for a system that has any exposure at all to the
open Internet. However, I don't have a recipe for fixing the latter
in my hip pocket, either. (Really need to go study SELinux someday.)
regards, tom lane