From 3d54e65b531bb9f3482b755777ee16875aec2e72b9d9f9456ec24d666a746005 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Mon, 15 May 2023 15:08:14 +0000 Subject: [PATCH] - bsc#1179231: Add an explanation for the /tmp -> /run/postgresql move and permission change. OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql?expand=0&rev=149 --- postgresql-README.SUSE | 13 ++++++++++++- postgresql.changes | 2 ++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/postgresql-README.SUSE b/postgresql-README.SUSE index d975b7c..fd14fcb 100644 --- a/postgresql-README.SUSE +++ b/postgresql-README.SUSE @@ -29,11 +29,22 @@ product by recommending the respective binary packages. By default, database data are stored under /var/lib/pgsql/data on SUSE Linux. + Unix-Domain Socket Directory ============================ Traditionally a PostgreSQL server puts its unix domain sockets for -local client connections into the /tmp directory. +local client connections into the /tmp directory, which is not +intended for this kind of use and allows unprivileged users to start +rogue PostgreSQL servers. For that reason SUSE has moved the default +directory for these sockets to /run/postgresql and set the permissions +of that directory to only allow the postgres user and members of the +postgres group to start servers that have their sockets here. + +A secondary socket is still also opened under /tmp for backwards +compatibility with old clients, but this is deprecated and should not +be used anymore in new deployments. + Upgrading PostgreSQL ==================== diff --git a/postgresql.changes b/postgresql.changes index b0126b0..760c5c1 100644 --- a/postgresql.changes +++ b/postgresql.changes 
@@ -3,6 +3,8 @@ Mon May 15 14:17:11 UTC 2023 - Reinhard Max - Overhaul postgresql-README.SUSE and move it from the binary package to the noarch wrapper package. +- bsc#1179231: Add an explanation for the /tmp -> /run/postgresql + move and permission change. - Add postgresql-README as a separate source file. -------------------------------------------------------------------
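Review bot: In the postgresql-README.SUSE hunk, the paragraph on the secondary /tmp socket calls it deprecated but gives the reader no way to act on that. It does not say how an administrator turns the /tmp socket off or how a client is pointed at /run/postgresql. The preceding paragraph gives rogue servers in /tmp as the reason for the move, so a client that still connects through /tmp stays exposed to exactly that; the text should say so and name the setting involved. In upstream PostgreSQL the server-side list is unix_socket_directories; whether the SUSE packaging exposes it the same way is for the author to confirm. It would also help to state the actual owner, group and mode of /run/postgresql instead of only describing their effect, and "is still also opened" can be shortened to "is still opened".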
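Review bot: In the postgresql.changes hunk, the new bsc#1179231 entry does not say where the explanation was added, and because it reads "move and permission change" next to a bug reference, someone scanning the changelog could take it for the change itself instead of documentation of it. Suggest wording along the lines of "Document in postgresql-README.SUSE why the socket directory moved from /tmp to /run/postgresql and why its permissions changed", so the entry names the file and is clearly a documentation change.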