[Pkg-postgresql-public] pgpool packaging
Stephen Frost
sfrost@snowman.net
Mon, 19 Jul 2004 08:35:58 -0400
--uTFalyLIuNT0jbUC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
* Martin Pitt (martin@piware.de) wrote:
> > Absent better ideas, I will use port 5433 by default, so the user has=
=20
> > to reroute his applications explicitly, or do the switch with=20
> > PostgreSQL manually if he wants truly transparent access.
>=20
> Hmm, it seems that it would make more sense to let pgpool run at the
> usual postgresql port (since it is the expected standard). An idea
> would be to parse the "usual" port from postgresql.conf, use it for
> pgpool and restart the postmaster with no TCP port, but only with the
> local Unix port. If pgpool does not support that, you could start
> postmaster with '-p' on a free port and only listen on 127.0.0.1 on
> it.
I tend to agree w/ this, except that we have to be careful about
multiple packages modifying the same config files. Debian policy has
some strict rules regarding this..
> > I would like to have the server running as a nonprivileged user. To ge=
t=20
> > write access to /var/run/postgresql, that user has to be postgres,=20
> > unless you propose to play various games with group permissions.
>=20
> If /var/run/postgresql access is the only reason why pgpool shall ran
> as postgres, I would vote against it and instead let it run as
> pgpool:postgresql. This directory already has group 'postgresql', thus
> we just need to enable group writeability in PostgreSQL. What do you
> think?
I agree that group permissions should be sufficient for this. My only
concern here is that the group permissions don't grant more access than
that. If it does then perhaps a new/different group would be more
appropriate...
Stephen
--uTFalyLIuNT0jbUC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA+8AurzgMPqB3kigRAlXHAJ9XVnGtGukVCbJLUyjykDB9ETgjwQCfS0MK
vL2bzXiofBRupfhPFv2P6+k=
=NGbN
-----END PGP SIGNATURE-----
--uTFalyLIuNT0jbUC--