adduser is missing --system

Started by Jens Wilke over 8 years ago, 4 messages, docs
#1 Jens Wilke
jens@wilke.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.6/static/install-short.html
Description:

Hi,

regarding
https://www.postgresql.org/docs/9.6/static/install-short.html

adduser postgres
should be
adduser --system postgres

otherwise you might face
*PANIC: queueing for lock while waiting on another one

due to systemd Config with RemoveIPC=true

Kind regards,
Jens

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

#2 Michael Paquier
michael@paquier.xyz
In reply to: Jens Wilke (#1)
Re: adduser is missing --system

On Thu, Sep 28, 2017 at 6:33 AM, <jens@wilke.org> wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/9.6/static/install-short.html
> Description:
>
> Hi,
>
> regarding
> https://www.postgresql.org/docs/9.6/static/install-short.html
>
> adduser postgres
> should be
> adduser --system postgres
>
> otherwise you might face
> *PANIC: queueing for lock while waiting on another one
>
> due to systemd Config with RemoveIPC=true

This part of the documentation is really aimed at being short. Please
note as well that this has been added to the documentation of Postgres
10 with this commit:
commit: fbe7a3fa45f360e73ce141e51005a3e86cd1926c
author: Peter Eisentraut <peter_e@gmx.net>
date: Wed, 15 Feb 2017 10:46:31 -0500
doc: Add advice about systemd RemoveIPC

Reviewed-by: Magnus Hagander <magnus@hagander.net>

Here is the link to it:
https://www.postgresql.org/docs/devel/static/kernel-resources.html#systemd-removeipc
And the important quote:
"Packaging and deployment scripts should be careful to create the
postgres user as a system user by using useradd -r, adduser --system,
or equivalent."
--
Michael

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Michael Paquier (#2)
Re: adduser is missing --system

Michael Paquier <michael.paquier@gmail.com> writes:

> Please note as well that this has been added to the documentation of Postgres
> 10 with this commit:

Yeah. I think Peter should back-patch that, but he hasn't yet.

The issue might be moot as of v10 anyway, because of this other commit:

Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master Release: REL_10_STABLE [ecb0d20a9] 2016-10-09 18:03:45 -0400

Use unnamed POSIX semaphores, if available, on Linux and FreeBSD.

We've had support for using unnamed POSIX semaphores instead of System V
semaphores for quite some time, but it was not used by default on any
platform. Since many systems have rather small limits on the number of
SysV semaphores allowed, it seems desirable to switch to POSIX semaphores
where they're available and don't create performance or kernel resource
problems. Experimentation by me shows that unnamed POSIX semaphores
are at least as good as SysV semaphores on Linux, and we previously had
a report from Maksym Sobolyev that FreeBSD is significantly worse with
SysV semaphores than POSIX ones. So adjust those two platforms to use
unnamed POSIX semaphores, if configure can find the necessary library
functions. If this goes well, we may switch other platforms as well,
but it would be advisable to test them individually first.

We didn't think about the systemd angle at the time, but this change
might make PG reasonably systemd-proof even without direct protection
from RemoveIPC. I've not tried to experiment though.

regards, tom lane

#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Tom Lane (#3)
Re: adduser is missing --system

I wrote:

> The issue might be moot as of v10 anyway, because of this other commit:

Ah, scratch that, I'd forgotten the discussion here:

/messages/by-id/32387.1481079186@sss.pgh.pa.us

The switch to unnamed POSIX semaphores will help, but it's not a complete
fix because default-configured systemd will still break DSM usage. In
practice I think that means that parallel queries launching at the same
moment you log out will fail. That's way more survivable than the
semaphores going away, but it's still not very nice.

regards, tom lane
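
As an added example that is not part of the thread or of PostgreSQL: a shell check for the condition the messages describe, an account outside the system UID range on a host where logind's RemoveIPC is in effect. It assumes the upstream default RemoveIPC=yes when the key is unset, reads SYS_UID_MAX from a login.defs-style file as an approximation of systemd's compile-time value, and ignores logind.conf.d drop-ins; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: would systemd-logind's RemoveIPC apply to a given account?

# Effective RemoveIPC value from a logind.conf-style file (last assignment wins).
# Assumption: falls back to "yes", the upstream systemd default; distro builds may differ.
removeipc_setting() {
    val=$(sed -n 's/^[[:space:]]*RemoveIPC[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
          "$1" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z')
    printf '%s\n' "${val:-yes}"
}

# SYS_UID_MAX from a login.defs-style file; 999 is assumed when the key is unset.
sys_uid_max() {
    val=$(awk '$1 == "SYS_UID_MAX" { v = $2 } END { print v }' "$1" 2>/dev/null) || val=""
    printf '%s\n' "${val:-999}"
}

# Exit status 0 (exposed) when RemoveIPC is on and the UID is above the system range.
# usage: ipc_exposed UID LOGIND_CONF LOGIN_DEFS
ipc_exposed() {
    case $(removeipc_setting "$2") in
        yes|y|true|t|on|1) ;;          # boolean spellings systemd accepts as true
        *) return 1 ;;
    esac
    [ "$1" -gt "$(sys_uid_max "$3")" ]
}

# Demo on constructed files: one regular UID (adduser) and one system UID (adduser --system).
demo() {
    d=$(mktemp -d)
    printf '[Login]\n#RemoveIPC=yes\n' > "$d/logind.conf"   # commented out: default applies
    printf 'UID_MIN 1000\nSYS_UID_MAX 999\n' > "$d/login.defs"
    for uid in 1001 118; do
        if ipc_exposed "$uid" "$d/logind.conf" "$d/login.defs"; then
            echo "uid $uid: regular user, IPC objects are removed when it logs out"
        else
            echo "uid $uid: not affected by RemoveIPC"
        fi
    done
    rm -rf "$d"
}
demo
```

On a real host the arguments would be `$(id -u postgres)`, `/etc/systemd/logind.conf` and `/etc/login.defs`.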
