Re: Postgres user UID and GID
From: Martin Baulig
Subject: Re: Postgres user UID and GID
Date: Mon, 17 Jul 2023 21:28:29 +0000

Hello,

I had considered idmap before, but realized there might be a bit of a
chicken-egg problem with it. Even though that likely doesn't actually exist
because GNU Guix is smart enough about it, the circular dependency still feels
weird:

What I mean is that the NFS client would depend on the existence of the
'postgres' user, to put it into the idmap file, and to resolve its UID / GID on
service startup.

But the PostgreSQL service also depends on the NFS share already being mounted,
so the postgres process can access its data directory.

The only clean solution I could think about is to create the account during
system initialization via an explicit entry in (operating-system (users ...)).
But then I won't need idmap because I can just hard-code the UID and GID there.

About running the database on the server - unfortunately, there is no official
package for Synology's DSM and I don't feel good about some third-party sites
that only provide binaries. They also made some custom changes to the Linux
kernel and use some kind of custom libc - it's a nightmare to install anything
on that thing!

And the "official" recommendation that you get on Reddit, Stack Overflow, etc.
about running PostgreSQL on Synology DSM is to install a Docker image.

I figured running GNU Guix in a VM to be a much better choice than messing with
a bunch of Docker images.

Best regards,
Martin

------- Original Message -------
On Monday, July 17th, 2023 at 8:23 PM, Felix Lechner
<felix.lechner@lease-up.com> wrote:
>
>
> Hi Martin,
>
> On Mon, Jul 17, 2023 at 11:44 AM Martin Baulig martin@baulig.is wrote:
>
> > I have decided to NFS-mount an encrypted shared folder
>
>
> I use a similar setup and use Gocryptfs for encryption. How do you
> encrypt, please?
>
> > there is a tiny little problem with PostgreSQL:
> > the UID and GID of the 'postgres' user needs to match that of the server.
>
>
> Perhaps I do not understand the needs of your setup completely.
> Doesn't 'idmapd' in NFSv4 address your conundrum effectively?
>
> For performance reasons, I would discourage such a setup, though. It
> would be better to run Postgres on the NAS, if it is an option, or to
> replicate the database for backup purposes.
>
> Kind regards
> Felix