[pgpool-general: 6171] Re: Pgpool processes are running using root account

Lucas Luengas lucasluengas at gmail.com
Fri Jul 27 02:51:23 JST 2018 

Hi.
Thank you for your response.
By the way, I have curiosity, why do rpm installation has changed default
user from postgres to root by default on Centos 7?
Regards.


On Wed, Jul 25, 2018 at 9:59 AM, Bo Peng <pengbo at sraoss.co.jp> wrote:

> Hi,
>
> > Do you recommended using root account or another account (example:
> > postgres)? Is it possible to include user=postgres in file
> > /lib/systemd/system/pgpool.service and to change permissions on
> > /var/run/pgpool to postgres ?
>
> User should decide the user to run Pgpool-II.
>
> Of course you can run Pgpool-II with non-root user.
> But root privilege is required to control the virtual IP,
> so you have to copy ip/ifconfig/arping command and add the
> setuid flag to them.
>
> Following is an example to start Pgpool-II with postgres user.
>
> 1. Edit pgpool.service file to use postgres user to start Pgpool-II
>
> # cp /usr/lib/systemd/system/pgpool.service /etc/systemd/system/pgpool.
> service
>
> # vi /etc/systemd/system/pgpool.service
> ...
> User=postgres
> Group=postgres
>
> 2. Change owner of /var/{lib,run}/pgpool
>
> # chown postgres:postgres /var/{lib,run}/pgpool
> # cp /usr/lib/tmpfiles.d/pgpool-II-pg10.conf /etc/tmpfiles.d
> # vi /etc/tmpfiles.d/pgpool-II-pg10.conf
> ===
> d /var/run/pgpool 0755 postgres postgres -
> ===
>
> 3. Change owner of Pgpool-II config files
>
> chown -R postgres:postgres /etc/pgpool-II/
>
> 4. Copy ip/ifconfig/arping command to somewhere and add setuid flag to them
>
> # mkdir /var/lib/pgsql/sbin
> # chown postgres:postgres /var/lib/pgsql/sbin
> # chmod 700 /var/lib/pgsql/sbin
> # cp /sbin/ifconfig /var/lib/pgsql/sbin
> # cp /sbin/arping /var/lib/pgsql/sbin
> # cp /sbin/ip /var/lib/pgsql/sbin
> # chmod 4755 /var/lib/pgsql/sbin/ip
> # chmod 4755 /var/lib/pgsql/sbin/
> # chmod 4755 /var/lib/pgsql/sbin/arping
>
> On Wed, 25 Jul 2018 08:32:06 +0200
> Lucas Luengas <lucasluengas at gmail.com> wrote:
>
> > Hello.
> > I am installing pgpool (with watchdog) version 3.7 on Centos 7, using
> > yum/rpm.
> >
> > Pgpool processes are running using root account.
> >
> > Do you recommended using root account or another account (example:
> > postgres)? Is it possible to include user=postgres in file
> > /lib/systemd/system/pgpool.service and to change permissions on
> > /var/run/pgpool to postgres ?
> >
> > I have other installation on Centos 6 and pgpool runs using postgres
> > account.
> >
> > Kind regards.
>
>
> --
> Bo Peng <pengbo at sraoss.co.jp>
> SRA OSS, Inc. Japan
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20180726/4dc69589/attachment.html>

More information about the pgpool-general mailing list