Discussion: separating PG binaries into a ro mounted partition
Hi,
I would like to separate all PG binaries from the created data for tables, indexes (which could be written and updated to) and also from the log files created by PG. Ideally I would like to be able to reset those directories at run-time through environment variables and even run PG from a CD-ROM
So I will need to include those a-la {$DATA_DIR} in conf files and previously set them in an initial script
I know I will have to install PG from source, but I guess there is a lot more I don't know about the installation procedures found in the /postgresql-8.2.5/INSTALL notes, my ./configure stat should be like this:
PG_INSTALL_DIR=<> RM_DIR=<> ./configure --prefix=$PG_INSTALL_DIR --without-readline --without-docdir --mandir=$RM_DIR rm $RM_DIR
I am planning to use the read-only mount feature and the append-only attributes of the ext3 file system under Linux
Which other conf files will I have to tinker with?
Are there any best practices using these ideas for the installation of PG?
Thanks
lbrtchx
All the config files reside in the data directory so there should be a problem making /usr/local/postgres/bin (or whatever you choose to install the binaries) to be a read-only mounted partition. The other option (which is far easier) would be to set the binaries immutable. As root, run this:
chattr +i /usr/local/postgres/bin/*
That way only root can remove the immutable flag so they can be changed - if it's a security issue behind your desire to do this then it doesn't matter that root can do that versus your suggestion as root would be able to just remount the partition rw:
mount -o remount,rw /usr/local/postgres
If you can advise why you want them to be read-only then we can make better suggestions.
Cheers,
~p
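A way to verify either of the two protections discussed in this reply, as an added example that is not part of the original thread: `mount_mode` reports whether a path sits on a read-only mount and `immutable_missing` lists files lacking the immutable flag. The sample mount table and `lsattr` output are constructed, and `/var/lib/pgdata` is an assumed data directory.

```shell
# Added example; sample data is constructed, /var/lib/pgdata is an assumption.

# mount_mode PATH < table   (table in /proc/mounts format)
# Prints ro, rw or unknown for the most specific mount that contains PATH.
mount_mode() {
    target=$1 best="" mode=unknown
    while read -r _dev mnt _type opts _rest; do
        case "$target/" in
            "${mnt%/}/"*) ;;          # mount point is a path prefix of PATH
            *) continue ;;
        esac
        # Longest mount point wins; on a tie the later line wins (over-mounts).
        [ "${#mnt}" -ge "${#best}" ] || continue
        best=$mnt
        # Match whole options so "errors=remount-ro" is not mistaken for "ro".
        case ",$opts," in
            *,ro,*) mode=ro ;;
            *)      mode=rw ;;
        esac
    done
    echo "$mode"
}

# immutable_missing < lsattr-output
# Prints every file whose attribute field lacks the immutable flag (i).
immutable_missing() {
    while read -r flags file; do
        case "$flags" in
            *i*) ;;
            *) echo "$file" ;;
        esac
    done
}

sample_mounts() { cat <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sdb1 /usr/local/postgres ext3 ro,noatime 0 0
/dev/sdc1 /var/lib/pgdata ext3 rw,noatime 0 0
EOF
}
sample_lsattr() { cat <<'EOF'
----i--------e-- /usr/local/postgres/bin/postgres
-------------e-- /usr/local/postgres/bin/psql
EOF
}
echo "binaries: $(sample_mounts | mount_mode /usr/local/postgres/bin)"
echo "data:     $(sample_mounts | mount_mode /var/lib/pgdata)"
echo "not immutable: $(sample_lsattr | immutable_missing)"
```

On a live system, feed `mount_mode` from `/proc/mounts` and `immutable_missing` from `lsattr` run on the binaries directory.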
> Phillip Smith <phillip.smith@weatherbeeta.com.au> wrote:
> What are you trying to achieve by making the binaries read-only?
* convenience: If I have PG on a baseline Linux distro running from a USB stick or CD (or a mini-DVD) and I go around with my micro drive, I could just sit anywhere they have a PC with a USB port or CD-player and an available USB/or firewire port for my micro device.
This is why I need to also be able to configure the mount point my PGDATA will be in. I have done that before with mysql and it works just fine, but PG is more appealing for me because it has features I need and it is more committed to java.
* security: I could go anywhere knowing that as long as I mount/configure PG and other apps I have, such as tomcat, as read-only it is impossibly hard for people to alter my files even though they could tinker with the BIOS and RAM
Also config files could stay where they be, because they don't/shouldn't change as PG runs. I only need to put in a separate writable (&/|| updatable) and appendable filesystem areas all other data
So, what are the installation options to achieve what I specified in the OP?
thanks
lbrtchx
> So, what are the installation options to achieve what I specified in the OP?
Did you go through this?
http://www.postgresql.org/docs/8.2/static/install-procedure.html
--
Usama Munir Dar http://www.linkedin.com/in/usamadar
Consultant Architect
Cell:+92 321 5020666
Skype: usamadar