Re: postmaster -D PGDATA and postmaster.pid

Lists: pgsql-admin
From: "Medi Montaseri" <montaseri(at)gmail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: postmaster -D PGDATA and postmaster.pid
Date: 2007-11-27 03:34:36
Message-ID: 8078a1730711261934l22e62f68t26301d638ae73c96@mail.gmail.com

Hi,

I am configuring a PG 8.1.9 on CentOS 5. I am seeing some anomalies and
would like your feedback.
I have defined a new PGDATA=/qmsvol/pg_8.1.9/data, ran initdb -D
/qmsvol/pg_8.1.9/data successfully and can start the engine with pg_ctl -D
$PGDATA.

I have also populated /etc/sysconfig/pgsql/postgresql which overrides PGDATA
and PGLOG to my values.

However if I try to start the engine with "/etc/init.d/postgresql start" or
"service postgresql start" I see the following error message in my PGLOG (ie
/var/log/pgsql/pgstartup.log)

postmaster cannot access the server configuration file
"/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied

ls -ld /qmsvol /qmsvol/pg_8.1.9 /qmsvol/pg_8.1.9/data /qmsvol/pg_8.1.9/data/postgresql.conf
drwxrwxrwx 4 root root 4096 Nov 26 10:39 /qmsvol
drwx------ 3 postgres postgres 4096 Nov 26 11:25 /qmsvol/pg_8.1.9
drwx------ 11 postgres postgres 4096 Nov 26 12:04 /qmsvol/pg_8.1.9/data
-rw------- 1 postgres postgres 13699 Nov 26 11:25 /qmsvol/pg_8.1.9/data/postgresql.conf

Any ideas ?

Thanks
medi


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Medi Montaseri" <montaseri(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: postmaster -D PGDATA and postmaster.pid
Date: 2007-11-27 03:48:46
Message-ID: 9909.1196135326@sss.pgh.pa.us

"Medi Montaseri" <montaseri(at)gmail(dot)com> writes:
> However if I try to start the engine with "/etc/init.d/postgresql start " or
> service postgresql start" I see the following error message in my PGLOG (ie
> /var/log/pgsql/pgstartup.log)

> postmaster cannot access the server configuration file
> "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied

This being CentOS (ie RHEL), you probably have got SELinux turned on
by default. The out-of-the-box SELinux policy forbids the postmaster
daemon from accessing portions of the filesystem other than
/var/lib/pgsql.

You can either disable SELinux or fix its policy to allow PG to access
the area where you want to put PGDATA. I don't really recommend the
former, at least not for a system that has any exposure at all to the
open Internet. However, I don't have a recipe for fixing the latter
in my hip pocket, either. (Really need to go study SELinux someday.)

regards, tom lane


From: "Medi Montaseri" <montaseri(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: postmaster -D PGDATA and postmaster.pid
Date: 2007-11-27 22:17:05
Message-ID: 8078a1730711271417l26d25382ha33a1ec4439bbf00@mail.gmail.com

Thanks Tom..that did the magic....

Would I allow PG to start from any -D place by saying

semanage fcontext -a -t postgresql_db_t "/qmsvol(/.*)?"

Thanks
Medi

On Nov 26, 2007 7:48 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> "Medi Montaseri" <montaseri(at)gmail(dot)com> writes:
> > However if I try to start the engine with "/etc/init.d/postgresql start " or
> > service postgresql start" I see the following error message in my PGLOG (ie
> > /var/log/pgsql/pgstartup.log)
>
> > postmaster cannot access the server configuration file
> > "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
>
> This being CentOS (ie RHEL), you probably have got SELinux turned on
> by default. The out-of-the-box SELinux policy forbids the postmaster
> daemon from accessing portions of the filesystem other than
> /var/lib/pgsql.
>
> You can either disable SELinux or fix its policy to allow PG to access
> the area where you want to put PGDATA. I don't really recommend the
> former, at least not for a system that has any exposure at all to the
> open Internet. However, I don't have a recipe for fixing the latter
> in my hip pocket, either. (Really need to go study SELinux someday.)
>
> regards, tom lane
>
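
Added example, not part of the original thread: a dry-run sketch of keeping SELinux enforcing while labelling only the custom PGDATA directory, rather than the whole /qmsvol volume, with postgresql_db_t. The helper function names and the sample AVC record are constructed for illustration; the script only prints the semanage and restorecon commands and does not run them.

```shell
#!/bin/sh
# Added example (hypothetical helpers): plan SELinux labelling for a custom PGDATA.

# Build a file-context pattern for one directory tree. semanage patterns are
# regular expressions, so metacharacters in the path (the dots in "8.1.9")
# are escaped to keep the rule from matching sibling paths.
fcontext_pattern() {
    dir=${1%/}                                   # drop a trailing slash
    esc=$(printf '%s' "$dir" | sed 's/[].[\\*^$+?(){}|]/\\&/g')
    printf '%s(/.*)?' "$esc"
}

# Print the type field (user:role:TYPE:level) of the tcontext= label in an AVC record.
avc_target_type() {
    printf '%s\n' "$1" | sed -n 's/.* tcontext=[^:]*:[^:]*:\([^: ]*\).*/\1/p'
}

# Succeed when the record is a denial for postmaster on an object that is
# not yet labelled postgresql_db_t.
needs_relabel() {
    case $1 in
        *'avc:'*denied*'comm="postmaster"'*) ;;
        *) return 1 ;;
    esac
    [ "$(avc_target_type "$1")" != postgresql_db_t ]
}

# Print (not execute) the commands that add the rule and apply it to files on disk.
label_plan() {
    pat=$(fcontext_pattern "$1")
    printf 'semanage fcontext -a -t postgresql_db_t "%s"\n' "$pat"
    printf 'restorecon -Rv %s\n' "${1%/}"
}

# Constructed sample audit record (not taken from the thread).
SAMPLE_AVC='type=AVC msg=audit(0000000000.000:1): avc:  denied  { read } for  pid=1 comm="postmaster" name="postgresql.conf" dev=sda1 ino=1 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file'

if needs_relabel "$SAMPLE_AVC"; then
    label_plan /qmsvol/pg_8.1.9/data
fi
```

Run the printed commands as root, then confirm the label with ls -Zd on the data directory before starting the service again.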