[pgpool-general: 6169] Re: Pgpool processes are running using root account

Bo Peng pengbo at sraoss.co.jp
Wed Jul 25 16:59:35 JST 2018


Hi,

> Do you recommended using root account or another account (example:
> postgres)? Is it possible to include user=postgres in file
> /lib/systemd/system/pgpool.service and to change permissions on
> /var/run/pgpool to postgres ?

User should decide the user to run Pgpool-II.

Of course you can run Pgpool-II with non-root user. 
But root privilege is required to control the virtual IP,
so you have to copy ip/ifconfig/arping command and add the 
setuid flag to them.

Following is an example to start Pgpool-II with postgres user.

1. Edit pgpool.service file to use postgres user to start Pgpool-II

# cp /usr/lib/systemd/system/pgpool.service /etc/systemd/system/pgpool.service

# vi /etc/systemd/system/pgpool.service
...
User=postgres
Group=postgres

2. Change owner of /var/{lib,run}/pgpool

# chown postgres:postgres /var/{lib,run}/pgpool
# cp /usr/lib/tmpfiles.d/pgpool-II-pg10.conf /etc/tmpfiles.d
# vi /etc/tmpfiles.d/pgpool-II-pg10.conf
===
d /var/run/pgpool 0755 postgres postgres -
===

3. Change owner of Pgpool-II config files 

chown -R postgres:postgres /etc/pgpool-II/

4. Copy ip/ifconfig/arping command to somewhere and add setuid flag to them

# mkdir /var/lib/pgsql/sbin
# chown postgres:postgres /var/lib/pgsql/sbin
# chmod 700 /var/lib/pgsql/sbin
# cp /sbin/ifconfig /var/lib/pgsql/sbin
# cp /sbin/arping /var/lib/pgsql/sbin
# cp /sbin/ip /var/lib/pgsql/sbin
# chmod 4755 /var/lib/pgsql/sbin/ip
# chmod 4755 /var/lib/pgsql/sbin/
# chmod 4755 /var/lib/pgsql/sbin/arping 

On Wed, 25 Jul 2018 08:32:06 +0200
Lucas Luengas <lucasluengas at gmail.com> wrote:

> Hello.
> I am installing pgpool (with watchdog) version 3.7 on Centos 7, using
> yum/rpm.
> 
> Pgpool processes are running using root account.
> 
> Do you recommended using root account or another account (example:
> postgres)? Is it possible to include user=postgres in file
> /lib/systemd/system/pgpool.service and to change permissions on
> /var/run/pgpool to postgres ?
> 
> I have other installation on Centos 6 and pgpool runs using postgres
> account.
> 
> Kind regards.


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan



More information about the pgpool-general mailing list