Dear PostgreSQL Community, I'm currently running PostgreSQL version 16.6 inside a Docker container (base image: UBI 9), using Docker Compose. The PostgreSQL data directory is mounted from an NFS volume hosted on a z/OS NFS server.
The environment has a few constraints: - The NFS server runs on z/OS with AT-TLS enabled. - It’s a highly secure and access-controlled setup. - Due to platform restrictions on z/OS, the mounted NFS directory cannot be owned by the PostgreSQL user (e.g., `postgres`) inside the container. - As a result, PostgreSQL fails to start because of the directory ownership validation check. Given the secure nature of the NFS server, I’d like to ask: 1. Is there a supported or recommended way to bypass the ownership check on the data directory? 2. What are the potential risks or implications of doing so in a secure NFS environment? 3. I'm considering building a custom PostgreSQL image by modifying the `miscinit.c` file—specifically, disabling the ownership check in the `checkDataDir()` function. Is this a reasonable approach, and are there any caveats or unintended side effects I should be aware of? **Disclaimer**: The z/OS NFS server is secured using AT-TLS and enforces strict access control policies. My intention is not to weaken PostgreSQL’s security model, but to adapt to platform-specific constraints while maintaining overall security integrity. Any insights, experiences, or alternative suggestions would be greatly appreciated. Best regards, Amol
