Re: Ignore lost+found when checking if a directory is empty

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Jeff Davis <pgsql(at)j-davis(dot)com>, Brian Pitts <bdp(at)uga(dot)edu>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Ignore lost+found when checking if a directory is empty
Date: 2011-08-09 21:38:12
Message-ID: 13340.1312925892@sss.pgh.pa.us
Lists: pgsql-hackers

Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> Excerpts from Jeff Davis's message of Tue Aug 09 16:03:26 -0400 2011:
>> I think I agree with Peter here that it's not a very good idea, and I
>> don't see a big upside. With tablespaces it seems to make a little bit
>> more sense, but I'd still lean away from that idea.

> What if the init script tries to start postmaster before the filesystems
> are mounted? ISTM requiring a subdir is a good sanity check that the
> system is ready to run. Not creating stuff directly on the mountpoint
> ensures consistency.

I went looking in the archives for previous discussions of this idea.
Most of them seem to focus on tablespaces rather than the primary data
directory, but the objections to doing it are pretty much the same
either way. The security concerns I mentioned seem to boil down to this
(from <25791(dot)1132238048(at)sss(dot)pgh(dot)pa(dot)us>):

Yeah, you *can* make it not-root-owned on most Unixen. That doesn't
mean it's a good idea to do so. For instance, if the root directory
is owned by Joe Luser, what's to stop him from blowing away lost+found
and thereby screwing up future fscks? You should basically never have
more-privileged objects (such as lost+found) inside directories owned by
less-privileged users --- it's just asking for trouble.

regards, tom lane
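
The two concerns raised in this message (a data directory placed directly on a mountpoint, and a root-owned lost+found sitting inside a directory owned by a less-privileged user) can be checked mechanically. The following is an added example, not code from the thread or from PostgreSQL; the function names, the uid 1000 owner and the sample directory contents are constructed for illustration.

```python
import os
import tempfile
from collections import namedtuple

ROOT_UID = 0
FakeStat = namedtuple("FakeStat", "st_uid")  # stand-in for os.stat_result in the demo


def audit_data_dir(path, lstat=os.lstat, ismount=os.path.ismount):
    """Return a list of findings for a candidate data or tablespace directory.

    `lstat` and `ismount` are injectable (an assumption of this example) so the
    logic can be exercised without root privileges or a real mount.
    """
    findings = []
    if ismount(path):
        findings.append("mountpoint: directory is the root of a filesystem")
    owner = lstat(path).st_uid
    if owner != ROOT_UID:
        # Unlinking or renaming an entry needs write permission on the
        # containing directory, not ownership of the entry, so the directory
        # owner can remove or replace root-owned entries such as lost+found.
        for name in sorted(os.listdir(path)):
            if lstat(os.path.join(path, name)).st_uid == ROOT_UID:
                findings.append(
                    f"root-owned entry inside uid {owner} directory: {name}")
    return findings


def demo():
    """Constructed case: a filesystem root handed over to uid 1000."""
    with tempfile.TemporaryDirectory() as top:
        os.mkdir(os.path.join(top, "lost+found"))
        open(os.path.join(top, "PG_VERSION"), "w").close()

        def fake_lstat(p):
            # Constructed ownership: fsck's directory stays root-owned.
            return FakeStat(ROOT_UID if p.endswith("lost+found") else 1000)

        return audit_data_dir(top, lstat=fake_lstat, ismount=lambda p: True)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An empty result means the directory is a subdirectory of its filesystem and contains no root-owned entries that its owner could remove.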
