[Pkg-postgresql-public] fsync-pgdata-on-recovery tries to write to more files than previously

Christoph Berg myon at debian.org
Sat May 23 20:20:43 UTC 2015

Re: To PostgreSQL Hackers 2015-05-23 <20150523172627.GA24277 at msg.df7cb.de>
> Hi,
> the new fsync-pgdata-on-recovery code tries to open all files using
> O_RDWR. At least on 9.1, this can make recovery fail:
> * launch postgres, hit ^\ (or otherwise shut down uncleanly)
> * touch foo; chmod 444 foo
> * launch postgres
> LOG:  database system was interrupted; last known up at 2015-05-23 19:18:36 CEST
> FATAL:  could not open file "/home/cbe/9.1/foo": Permission denied
> LOG:  startup process (PID 27305) exited with exit code 1
> LOG:  aborting startup due to startup process failure
> The code on 9.4 looks similar to me, but I couldn't trigger the
> problem there.

Correction: 9.4 is equally broken. (I was still running 9.4.1 when I
tried first.)

> I think this is a real-world problem:
> 1) In older releases, the SSL certs were read from the data directory,
> and at least the default Debian installation creates symlinks from
> PGDATA/server.* to /etc/ssl/ where PostgreSQL can't write
> 2) It's probably a pretty common scenario that the root user will edit
> postgresql.conf, and make backups or create other random files there
> that are not writable. Even a non-writable postgresql.conf itself or
> recovery.conf was not a problem previously.

3) The .postgresql.conf.swp files created by (root's) vim are 0600.

> To me, this is a serious regression because it prevents automatic
> startup of a server that would otherwise just run.

cb at df7cb.de | http://www.df7cb.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20150523/f00fe422/attachment.sig>

More information about the Pkg-postgresql-public mailing list