[pgpool-general: 6187] Re: Pgpool processes are running using root account

Bo Peng pengbo at sraoss.co.jp
Wed Aug 8 09:29:51 JST 2018 

Hi,

> Hi.
> Thank you for your response.
> By the way, I have curiosity, why do rpm installation has changed default
> user from postgres to root by default on Centos 7?
> Regards.

Because root privilege is required to control the virtual IP.
On CentOS6, if you run pgpool with watchdog by default "postgres" user, 
you need to add the setuid flag to ip/ifconfig/arping.
But on CentOS7 you can run pgpool with watchdog by default user.

> On Wed, Jul 25, 2018 at 9:59 AM, Bo Peng <pengbo at sraoss.co.jp> wrote:
> 
> > Hi,
> >
> > > Do you recommended using root account or another account (example:
> > > postgres)? Is it possible to include user=postgres in file
> > > /lib/systemd/system/pgpool.service and to change permissions on
> > > /var/run/pgpool to postgres ?
> >
> > User should decide the user to run Pgpool-II.
> >
> > Of course you can run Pgpool-II with non-root user.
> > But root privilege is required to control the virtual IP,
> > so you have to copy ip/ifconfig/arping command and add the
> > setuid flag to them.
> >
> > Following is an example to start Pgpool-II with postgres user.
> >
> > 1. Edit pgpool.service file to use postgres user to start Pgpool-II
> >
> > # cp /usr/lib/systemd/system/pgpool.service /etc/systemd/system/pgpool.
> > service
> >
> > # vi /etc/systemd/system/pgpool.service
> > ...
> > User=postgres
> > Group=postgres
> >
> > 2. Change owner of /var/{lib,run}/pgpool
> >
> > # chown postgres:postgres /var/{lib,run}/pgpool
> > # cp /usr/lib/tmpfiles.d/pgpool-II-pg10.conf /etc/tmpfiles.d
> > # vi /etc/tmpfiles.d/pgpool-II-pg10.conf
> > ===
> > d /var/run/pgpool 0755 postgres postgres -
> > ===
> >
> > 3. Change owner of Pgpool-II config files
> >
> > chown -R postgres:postgres /etc/pgpool-II/
> >
> > 4. Copy ip/ifconfig/arping command to somewhere and add setuid flag to them
> >
> > # mkdir /var/lib/pgsql/sbin
> > # chown postgres:postgres /var/lib/pgsql/sbin
> > # chmod 700 /var/lib/pgsql/sbin
> > # cp /sbin/ifconfig /var/lib/pgsql/sbin
> > # cp /sbin/arping /var/lib/pgsql/sbin
> > # cp /sbin/ip /var/lib/pgsql/sbin
> > # chmod 4755 /var/lib/pgsql/sbin/ip
> > # chmod 4755 /var/lib/pgsql/sbin/
> > # chmod 4755 /var/lib/pgsql/sbin/arping
> >
> > On Wed, 25 Jul 2018 08:32:06 +0200
> > Lucas Luengas <lucasluengas at gmail.com> wrote:
> >
> > > Hello.
> > > I am installing pgpool (with watchdog) version 3.7 on Centos 7, using
> > > yum/rpm.
> > >
> > > Pgpool processes are running using root account.
> > >
> > > Do you recommended using root account or another account (example:
> > > postgres)? Is it possible to include user=postgres in file
> > > /lib/systemd/system/pgpool.service and to change permissions on
> > > /var/run/pgpool to postgres ?
> > >
> > > I have other installation on Centos 6 and pgpool runs using postgres
> > > account.
> > >
> > > Kind regards.
> >
> >
> > --
> > Bo Peng <pengbo at sraoss.co.jp>
> > SRA OSS, Inc. Japan
> >
> >


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan

More information about the pgpool-general mailing list