Lists: | pgsql-admin |
---|
From: | "Medi Montaseri" <montaseri(at)gmail(dot)com> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | postmaster -D PGDATA and postmaster.pid |
Date: | 2007-11-27 03:34:36 |
Message-ID: | 8078a1730711261934l22e62f68t26301d638ae73c96@mail.gmail.com |
Hi,
I am configuring a PG 8.1.9 on CentOS 5. I am seeing some anomalies and
would like your feedback.
I have defined a new PGDATA=/qmsvol/pg_8.1.9/data, ran initdb -D
/qmsvol/pg_8.1.9/data successfully and can start the engine with pg_ctl -D
$PGDATA.
I have also populated /etc/sysconfig/pgsql/postgresql which overrides PGDATA
and PGLOG to my values.
However if I try to start the engine with "/etc/init.d/postgresql start" or
"service postgresql start" I see the following error message in my PGLOG (ie
/var/log/pgsql/pgstartup.log)
postmaster cannot access the server configuration file
"/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
ls -ld /qmsvol /qmsvol/pg_8.1.9 /qmsvol/pg_8.1.9/data /qmsvol/pg_8.1.9/data/postgresql.conf
drwxrwxrwx 4 root root 4096 Nov 26 10:39 /qmsvol
drwx------ 3 postgres postgres 4096 Nov 26 11:25 /qmsvol/pg_8.1.9
drwx------ 11 postgres postgres 4096 Nov 26 12:04 /qmsvol/pg_8.1.9/data
-rw------- 1 postgres postgres 13699 Nov 26 11:25 /qmsvol/pg_8.1.9/data/postgresql.conf
Any ideas ?
Thanks
medi
From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Medi Montaseri" <montaseri(at)gmail(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: postmaster -D PGDATA and postmaster.pid |
Date: | 2007-11-27 03:48:46 |
Message-ID: | 9909.1196135326@sss.pgh.pa.us |
"Medi Montaseri" <montaseri(at)gmail(dot)com> writes:
> However if I try to start the engine with "/etc/init.d/postgresql start " or
> service postgresql start" I see the following error message in my PGLOG (ie
> /var/log/pgsql/pgstartup.log)
> postmaster cannot access the server configuration file
> "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
This being CentOS (ie RHEL), you probably have got SELinux turned on
by default. The out-of-the-box SELinux policy forbids the postmaster
daemon from accessing portions of the filesystem other than
/var/lib/pgsql.
You can either disable SELinux or fix its policy to allow PG to access
the area where you want to put PGDATA. I don't really recommend the
former, at least not for a system that has any exposure at all to the
open Internet. However, I don't have a recipe for fixing the latter
in my hip pocket, either. (Really need to go study SELinux someday.)
regards, tom lane
From: | "Medi Montaseri" <montaseri(at)gmail(dot)com> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: postmaster -D PGDATA and postmaster.pid |
Date: | 2007-11-27 22:17:05 |
Message-ID: | 8078a1730711271417l26d25382ha33a1ec4439bbf00@mail.gmail.com |
Thanks Tom..that did the magic....
Would I allow PG to start from any -D place by saying
semanage fcontext -a -t postgresql_db_t "/qmsvol(/.*)?"
Thanks
Medi
On Nov 26, 2007 7:48 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Medi Montaseri" <montaseri(at)gmail(dot)com> writes:
> > However if I try to start the engine with "/etc/init.d/postgresql start " or
> > service postgresql start" I see the following error message in my PGLOG (ie
> > /var/log/pgsql/pgstartup.log)
>
> > postmaster cannot access the server configuration file
> > "/qmsvol/pg_8.1.9/data/postgresql.conf": Permission denied
>
> This being CentOS (ie RHEL), you probably have got SELinux turned on
> by default. The out-of-the-box SELinux policy forbids the postmaster
> daemon from accessing portions of the filesystem other than
> /var/lib/pgsql.
>
> You can either disable SELinux or fix its policy to allow PG to access
> the area where you want to put PGDATA. I don't really recommend the
> former, at least not for a system that has any exposure at all to the
> open Internet. However, I don't have a recipe for fixing the latter
> in my hip pocket, either. (Really need to go study SELinux someday.)
>
> regards, tom lane
>
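
The policy fix discussed in this thread, as an added example that is not from any of the posters: the first function lists AVC denials for the postmaster's domain from audit records, the second prints a labelling rule scoped to one directory instead of all of /qmsvol. The audit lines, the postgresql_t and default_t types in them, and both function names are constructed assumptions; only postgresql_db_t and the paths come from the thread.

```shell
#!/bin/sh
# Added example. The audit records below are constructed, not from the thread.
SAMPLE_AUDIT='type=AVC msg=audit(1196135326.101:41): avc:  denied  { search } for  pid=2301 comm="postmaster" name="pg_8.1.9" dev=sdb1 ino=12 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1196135326.102:42): avc:  denied  { read } for  pid=2301 comm="postmaster" name="postgresql.conf" dev=sdb1 ino=57 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1196135327.300:43): avc:  denied  { getattr } for  pid=2410 comm="httpd" name="index.html" dev=sda1 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin and print "perm name target_type class" for each
# denial whose source domain is postgresql_t (assumed domain of the postmaster).
# Only the first permission inside { } is reported.
pg_avc_denials() {
    awk '/avc: +denied/ && /scontext=[^ ]*:postgresql_t(:| )/ {
        perm = name = ttype = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") perm = $(i + 1)
            else if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        print perm, name, ttype, cls
    }'
}

# Print (do not run) the commands that give one directory tree the
# postgresql_db_t type. Refuses relative paths and "/" so the rule cannot
# silently cover more of the filesystem than intended.
pg_fcontext_cmds() {
    dir=${1%/}
    case $dir in
        /?*) ;;
        *) echo "need an absolute path below /" >&2; return 1 ;;
    esac
    # The file spec is a regular expression, so escape metacharacters
    # such as the dots in "pg_8.1.9".
    spec=$(printf '%s\n' "$dir" | sed 's/[][\.*^$+?(){}|]/\\&/g')
    printf 'semanage fcontext -a -t postgresql_db_t "%s(/.*)?"\n' "$spec"
    printf 'restorecon -R -v %s\n' "$dir"
}

# Demo on the constructed records and the postgres-owned tree from the thread.
printf '%s\n' "$SAMPLE_AUDIT" | pg_avc_denials
pg_fcontext_cmds /qmsvol/pg_8.1.9
```

semanage fcontext only records the rule; restorecon applies it to files that already exist. Feeding the audit log to pg_avc_denials after a restart shows whether anything, such as a parent directory, is still denied.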