Add doc advice about systemd RemoveIPC
Here is a patch to add some information about the systemd RemoveIPC
issue to the documentation, sort of in the spirit of the OOM discussion
nearby.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachments:
0001-doc-Add-advice-about-systemd-RemoveIPC.patchtext/x-patch; name=0001-doc-Add-advice-about-systemd-RemoveIPC.patchDownload+82-1
On Wed, Dec 28, 2016 at 4:34 AM, Peter Eisentraut <
peter.eisentraut@2ndquadrant.com> wrote:
Here is a patch to add some information about the systemd RemoveIPC
issue to the documentation, sort of in the spirit of the OOM discussion
nearby.
I wonder if I missed part of the discussions around this, so maybe my
understanding of the cases where this occurs is wrong, but isn't it the
case of pretty much all (or actually) all the packaged versions of
postgresql out there (debian, redhat etc) that they do the right thing, as
in that they create "postgres" as a system user?
I like the text in general, but if the above is true, then I think we
should put a note at the beginning of it with something along the line (not
using those words) of "if you have installed postgresql using packages, the
packager should have taken care of this already"? So as not to scare people
unnecessarily?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
On 30 December 2016 at 16:59, Magnus Hagander <magnus@hagander.net> wrote:
On Wed, Dec 28, 2016 at 4:34 AM, Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:Here is a patch to add some information about the systemd RemoveIPC
issue to the documentation, sort of in the spirit of the OOM discussion
nearby.I wonder if I missed part of the discussions around this, so maybe my
understanding of the cases where this occurs is wrong, but isn't it the case
of pretty much all (or actually) all the packaged versions of postgresql out
there (debian, redhat etc) that they do the right thing, as in that they
create "postgres" as a system user?
Yes.
The postgres docs do tend to ignore the reality of most actual
postgres users, though, and talk as if you installed it from source
code under your own user account. I see people bewildered by this
regularly, since we have no discussion at all of common things like
"sudo -u postgres psql" on default packaged installs. Sure, there are
many platforms, but still.
I like the text in general, but if the above is true, then I think we should
put a note at the beginning of it with something along the line (not using
those words) of "if you have installed postgresql using packages, the
packager should have taken care of this already"? So as not to scare people
unnecessarily?
You need to have not only installed it with packages, but be running
it under the package-provided postgres user account. This is not
always the case. I see installs from packages that are then manually
initdb'd in /srv/wtf/why all the time, sadly, and often launched by
manual pg_ctl invocations under surprising user accounts.
"If you have installed postgres from distribution or
postgresql.org-provided packages and use the scripts or commands
provided by the packages to start and stop PostgreSQL, this issue is
unlikely to affect you."
?
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On 12/30/16 3:59 AM, Magnus Hagander wrote:
I wonder if I missed part of the discussions around this, so maybe my
understanding of the cases where this occurs is wrong, but isn't it the
case of pretty much all (or actually) all the packaged versions of
postgresql out there (debian, redhat etc) that they do the right thing,
as in that they create "postgres" as a system user?
If you install a package but the user already exists, then the package
will just use that user. So just using a package is not a guarantee
that everything will be alright.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Sat, Dec 31, 2016 at 6:30 AM, Peter Eisentraut <
peter.eisentraut@2ndquadrant.com> wrote:
On 12/30/16 3:59 AM, Magnus Hagander wrote:
I wonder if I missed part of the discussions around this, so maybe my
understanding of the cases where this occurs is wrong, but isn't it the
case of pretty much all (or actually) all the packaged versions of
postgresql out there (debian, redhat etc) that they do the right thing,
as in that they create "postgres" as a system user?If you install a package but the user already exists, then the package
will just use that user. So just using a package is not a guarantee
that everything will be alright.
Good point.
I still think that some wording in the direction of the fact that the
majority of all users won't actually have this problem is the right thing
to do (regardless of our previous history in the area as pointed out by
Craig)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
Magnus Hagander <magnus@hagander.net> writes:
I still think that some wording in the direction of the fact that the
majority of all users won't actually have this problem is the right thing
to do (regardless of our previous history in the area as pointed out by
Craig)
+1. The use-a-system-user solution is the one that's in place on the
ground for most current PG users on affected platforms. We should explain
that one first and make clear that platform-specific packages attempt to
set it up that way for you. The RemoveIPC technique should be documented
as a fallback to be used if you can't/won't use a system userid.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On 12/31/16 11:43 AM, Tom Lane wrote:
Magnus Hagander <magnus@hagander.net> writes:
I still think that some wording in the direction of the fact that the
majority of all users won't actually have this problem is the right thing
to do (regardless of our previous history in the area as pointed out by
Craig)+1. The use-a-system-user solution is the one that's in place on the
ground for most current PG users on affected platforms. We should explain
that one first and make clear that platform-specific packages attempt to
set it up that way for you. The RemoveIPC technique should be documented
as a fallback to be used if you can't/won't use a system userid.
How about this version, which shifts the emphasis a bit, as suggested?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachments:
v2-0001-doc-Add-advice-about-systemd-RemoveIPC.patchtext/x-patch; name=v2-0001-doc-Add-advice-about-systemd-RemoveIPC.patchDownload+77-1
On Fri, Feb 10, 2017 at 10:36 PM, Peter Eisentraut <
peter.eisentraut@2ndquadrant.com> wrote:
On 12/31/16 11:43 AM, Tom Lane wrote:
Magnus Hagander <magnus@hagander.net> writes:
I still think that some wording in the direction of the fact that the
majority of all users won't actually have this problem is the rightthing
to do (regardless of our previous history in the area as pointed out by
Craig)+1. The use-a-system-user solution is the one that's in place on the
ground for most current PG users on affected platforms. We shouldexplain
that one first and make clear that platform-specific packages attempt to
set it up that way for you. The RemoveIPC technique should be documented
as a fallback to be used if you can't/won't use a system userid.How about this version, which shifts the emphasis a bit, as suggested?
Looks much better.
+ <para>
+ If <productname>systemd</productname> is in use, some care must be
taken
+ that IPC resources (shared memory and semaphores) are not prematurely
+ removed by the operating system. This is especially of concern when
+ installing PostgreSQL from source. Users of distribution packages of
+ PostgreSQL are less likely to be affected.
+ </para>I would add "are less likely to be affected as the postgres user is
normally created as a system user" or something like that -- to indicate
*why* they are less likely to be affected (and it also tells people that if
they change the user, then they might become affected again).
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
On 2/14/17 11:49 AM, Magnus Hagander wrote:
+ <para> + If <productname>systemd</productname> is in use, some care must be taken + that IPC resources (shared memory and semaphores) are not prematurely + removed by the operating system. This is especially of concern when + installing PostgreSQL from source. Users of distribution packages of + PostgreSQL are less likely to be affected. + </para>I would add "are less likely to be affected as the postgres user is
normally created as a system user" or something like that -- to indicate
*why* they are less likely to be affected (and it also tells people that
if they change the user, then they might become affected again).
Committed with that addition, thanks!
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers