BUG #12072: init script creates pid file with wrong owner

The init script will first do "su - postgres" before starting the server,
so there is no way that the owner of the PID file (default location is
$DATADIR/postmaster.pid) is not postgres. Please recheck.

On Wed, Nov 26, 2014 at 7:49 PM, <henrik-postgres@hswn.dk> wrote:

The following bug has been logged on the website:

Bug reference: 12072
Logged by: Henrik Storner
Email address: henrik-postgres@hswn.dk
PostgreSQL version: 9.3.5
Operating system: CentOS 6.6
Description:

The /etc/init.d/postgresql-9.3 file created a PID file, but fails to make
it
owned by user 'postgres'.

This means that using the "pg_ctl" command to restart Postgres fails,
because user postgres cannot update the pid file (if you set
external_pid_file in postgresql.conf so it can find the pid file).

The init script should do a "chown postgres:postgres $pidfile" so the pid
file is owned by the postgres user. This allows pg_ctl commands to work.

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

--
Sandeep Thakkar

On 11/26/2014 6:19 AM, henrik-postgres@hswn.dk wrote:

The /etc/init.d/postgresql-9.3 file created a PID file, but fails to make it
owned by user 'postgres'.

it should have. mine does.

[root@new ~]# ls -la /var/lib/pgsql/9.3/data/postmaster.pid
-rw------- 1 postgres postgres 72 Oct 29 09:54
/var/lib/pgsql/9.3/data/postmaster.pid

[root@new ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)

[root@new ~]# rpm -qa postgres\*
postgresql93-devel-9.3.5-1PGDG.rhel6.x86_64
postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64
postgresql93-server-9.3.5-1PGDG.rhel6.x86_64
postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64
postgresql93-9.3.5-1PGDG.rhel6.x86_64

--
john r pierce 37N 122W
somewhere on the middle of the left coast

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Checked. Steps to reproduce:

1) Fresh install of CentOS 6.6 base-server (could be any Redhat like distro)

2) Install Postgres 9.3.5 as per
http://www.postgresql.org/download/linux/redhat/ - i.e. using the
yum.postgresql.org repository

root@postgres ~]# yum install
http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/pgdg-redhat93-9.3-1.noarch.rpm

<cut yum chatter>
Installed:
pgdg-redhat93.noarch 0:9.3-1

Complete!

[root@postgres ~]# yum install postgresql93-server postgresql93-contrib
<cut more yum chatter>
Installing : postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64 1/5
Installing : postgresql93-9.3.5-1PGDG.rhel6.x86_64 2/5
Installing : uuid-1.6.1-10.el6.x86_64 3/5
Installing : postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64 4/5
Installing : postgresql93-server-9.3.5-1PGDG.rhel6.x86_64 5/5
Verifying : postgresql93-contrib-9.3.5-1PGDG.rhel6.x86_64 1/5
Verifying : postgresql93-9.3.5-1PGDG.rhel6.x86_64 2/5
Verifying : postgresql93-server-9.3.5-1PGDG.rhel6.x86_64 3/5
Verifying : postgresql93-libs-9.3.5-1PGDG.rhel6.x86_64 4/5
Verifying : uuid-1.6.1-10.el6.x86_64 5/5

Installed:
postgresql93-contrib.x86_64 0:9.3.5-1PGDG.rhel6
postgresql93-server.x86_64 0:9.3.5-1PGDG.rhel6

Dependencies installed:
postgresql93.x86_64 0:9.3.5-1PGDG.rhel6 postgresql93-libs.x86_64
0:9.3.5-1PGDG.rhel6 uuid.x86_64 0:1.6.1-10.el6

Complete!

3) Start Postgres using the init script file, and
/var/run/postgresql-9.3.pid is owned by root.

[root@postgres ~]# service postgresql-9.3 initdb
Initialising database: [ O.k. ]
[root@postgres ~]# service postgresql-9.3 start
Starting postgresql-9.3-service: [ O.k. ]
[root@postgres ~]# ls -l /var/run/postgresql-9.3.pid
-rw-r--r--. 1 root root 5 1 dec 07:44 /var/run/postgresql-9.3.pid

The problem is with the init script installed from the rpm package. From
line 161 it performs the server start by doing

echo -n "$PSQL_START"
$SU -l postgres -c "$PGENGINE/postmaster -p '$PGPORT' -D
'$PGDATA' ${PGOPTS} &" >> "$PGLOG" 2>&1 < /dev/null
sleep 2
pid=`head -n 1 "$PGDATA/postmaster.pid" 2>/dev/null`
if [ "x$pid" != x ]
then
success "$PSQL_START"
touch "$lockfile"
* echo $pid > "$pidfile"*
echo
else
failure "$PSQL_START"
echo
script_result=1
fi

Note the
echo $pid > "$pidfile"

This creates a pid-file owned by root. The owner:group should be changed
to "postgres:postgres", in the same way that is done with the log file
$PGLOG a bit earlier in the script. A simple one-line patch is attached.

Regards,
Henrik

Den 01-12-2014 kl. 06:07 skrev Sandeep Thakkar:

=?UTF-8?B?SGVucmlrIFN0w7hybmVy?= <henrik@hswn.dk> writes:

The problem is with the init script installed from the rpm package. From
line 161 it performs the server start by doing

echo -n "$PSQL_START"
$SU -l postgres -c "$PGENGINE/postmaster -p '$PGPORT' -D
'$PGDATA' ${PGOPTS} &" >> "$PGLOG" 2>&1 < /dev/null
sleep 2
pid=`head -n 1 "$PGDATA/postmaster.pid" 2>/dev/null`
if [ "x$pid" != x ]
then
success "$PSQL_START"
touch "$lockfile"
* echo $pid > "$pidfile"*
echo
else
failure "$PSQL_START"
echo
script_result=1
fi

Note the
echo $pid > "$pidfile"

This creates a pid-file owned by root.

Why is the init script creating such a file at all? Surely it should be
depending on the one created by the postmaster. However, if there is a
reason to create a separate pidfile, I don't see the problem particularly:
the postmaster will neither create nor remove it, so it hardly matters
what the ownership is.

regards, tom lane

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Tom Lane wrote:

=?UTF-8?B?SGVucmlrIFN0w7hybmVy?= <henrik@hswn.dk> writes:

The problem is with the init script installed from the rpm package. From
line 161 it performs the server start by doing

Why is the init script creating such a file at all? Surely it should
be depending on the one created by the postmaster. However, if there
is a reason to create a separate pidfile, I don't see the problem
particularly: the postmaster will neither create nor remove it, so it
hardly matters what the ownership is. regards, tom lane

The problem lies in the interaction between a DBA using the pg_ctl
commands, and a system start/stop script which is executed when the
system boots or shuts down.

Consider this scenario:

1) The system boots, Postgres starts up automatically via the init.d
script. Two pid-files now exist - one created by the init.d script in
/var/run, and another in the PGDATA directory. They are identical.

2) DBA tweaks some configuration requiring a restart. Since the DBA
doesn't have root access, he logs into the "postgres" account and runs
"pg_ctl restart". This updates the pid-file in the PGDATA directory, but
not the one in /var/run because a) the postgres user does not have write
access to the file, and b) by default pg_ctl doesn't know about the pid
file in /var/run. So the two pid-files are no longer in sync, only the
PGDATA pid file is valid.

3) The server is shut down or rebooted. During shutdown the init.d
script looks at the pid-file in /var/run, and finds that the pid listed
no longer exists. Therefore it assumes that Postgres isn't running and
doesn't try to shut it down gracefully. It gets a 'kill -TERM' at a late
point in the shutdown proces, which is not optimal.

I suppose the /var/run pid-file is created by the RPM initscript because
the Linux Filesystem Hierarchy Standard dictates that system services
keep a pid-file in /var/run - not buried somewhere deep inside a service
specific directory.

Fixing the permission setting on the /var/run pidfile is only part of
the solution, for it to work completely you must also change
postgres.conf so the extra_pid_file setting (iirc) is set to the
/var/run pidfile. This makes sure that the 'postmaster' process updates
both pid-files - but it still requires that both pid-files are writable
by the "postgres" user.

Regards,
Henrik

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Hi,

On Wed, 2014-11-26 at 14:19 +0000, henrik-postgres@hswn.dk wrote:

The /etc/init.d/postgresql-9.3 file created a PID file, but fails to
make it owned by user 'postgres'.

This means that using the "pg_ctl" command to restart Postgres fails,
because user postgres cannot update the pid file (if you set
external_pid_file in postgresql.conf so it can find the pid file).

I don't think that we designed the *init script* (kicked by init
subsystem) to be compatible with pg_ctl command (called by postgres
user). If you have an environment that requires a non-root user to
restart postgres, you can hack the init script and add a chown line
there.

That pid file is used by RHCS (IIRC), so I am not inclined to touch it.

Regards,
--
Devrim GÜNDÜZ
Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR