On May 26, 2015 07:31, "Tom Lane" <t...@sss.pgh.pa.us> wrote:
>
> Josh Berkus <j...@agliodbs.com> writes:
> > We need to get a notice out to our users who might update their servers
> > and get stuck behind the fsync bug.  As such, I've prepared a FAQ.
> > Please read, correct and improve this FAQ so that it's fit for us to
> > announce to users as soon as possible:
>
> > https://wiki.postgresql.org/wiki/May_2015_Fsync_Permissions_Bug
>
> Judging by Ross Boylan's report at
>
> http://www.postgresql.org/message-id/f1f13e14a610474196571953929c02096d0...@ex08.net.ucsf.edu
> it's not sufficient to just recommend "changing permissions" on the
> problematic files.  It's not entirely clear from here whether there is a
> solution that both allows fsync on referenced files and keeps OpenSSL
> happy; but if there is, it probably requires making the cert files be
> owned by the postgres user, as well as adjusting their permissions to
> be 0640 or thereabouts.  I'm worried about whether that breaks other
> services using the same cert files.
>

It almost certainly will.

I think the recommendation has to be that if it's a symlink, it should be
replaced with a copy of the file, and that copy be chown and chmod the
right way.

/Magnus
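
The replacement described in the reply above, written as a shell function. This is an added example, not part of the original message or of PostgreSQL; the directory argument, the owner argument and the default mode of 0640 are assumptions.

```shell
# replace_symlinks DIR OWNER [MODE]
# Replace each top-level symlink in DIR that points at a regular file with a
# private copy owned by OWNER with permissions MODE, printing each path fixed.
# Assumed, not stated in the thread: DIR is the PostgreSQL data directory,
# OWNER is the postgres OS user, and MODE defaults to 0640.
# Example call (hypothetical path): replace_symlinks /path/to/data postgres
replace_symlinks() {
    dir=$1
    owner=$2
    mode=${3:-0640}
    for link in "$dir"/*; do
        [ -L "$link" ] || continue      # not a symlink: leave it alone
        # Skip dangling links and links to directories; a data directory can
        # legitimately contain directory symlinks (relocated WAL, tablespaces).
        [ -f "$link" ] || continue
        # Build the copy under a temporary name in the same directory so the
        # final rename is atomic and never leaves a half-written file.
        tmp=$(mktemp "$dir/.symfix.XXXXXX") || return 1
        if cp -L -- "$link" "$tmp" &&
           chown -- "$owner" "$tmp" &&
           chmod -- "$mode" "$tmp" &&
           mv -f -- "$tmp" "$link"; then
            printf '%s\n' "$link"
        else
            rm -f -- "$tmp"
            return 1
        fi
    done
}
```

The original file behind the symlink is left untouched, so other services that read it keep working; the copy has to be refreshed by hand when the certificate is renewed.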
