On Fri, Jan 21, 2011 at 1:00 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Fujii Masao <masao.fu...@gmail.com> writes: >> On Thu, Jan 20, 2011 at 10:53 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: >>>> I'm not sure why that's the right solution. Why do you think that we should >>>> not create the tablespace under the $PGDATA directory? I'm not surprised >>>> that people mounts the filesystem on $PGDATA/mnt and creates the >>>> tablespace on it. > >>> No? Usually, having a mount point in a non-root-owned directory is >>> considered a Bad Thing. > >> Hmm.. but ISTM we can have a root-owned mount point in $PGDATA >> and create a tablespace there. > > Nonsense. The more general statement is that it's a security hole > unless the mount point *and everything above it* is root owned.
Probably true. But we cannot create a tablespace for root-owned directory. The directory must be owned by the PostgreSQL system user. So ISTM that you says that creating a tablespace on a mount point itself is a security hole. > In the case you sketch, there would be nothing to stop the (non root) > postgres user from renaming $PGDATA/mnt to something else and then > inserting his own trojan-horse directories. Hmm.. can non-root postgres user really rename the root-owned directory while it's being mounted? > Moreover, I see no positive *good* reason to do it. There isn't > anyplace under $PGDATA that users should be randomly creating > directories, much less mount points. When taking a base backup, you don't need to take a backup of tablespaces separately from that of $PGDATA. You have only to take a backup of $PGDATA. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
