Thanks Laurenz. On Mon, Jul 14, 2025 at 8:11 PM Laurenz Albe <laurenz.a...@cybertec.at> wrote:
> On Mon, 2025-07-14 at 18:32 +0530, Amol Inamdar wrote: > > > The data directory can either be created by "initdb", in which case > > > the mount point must allow the PostgreSQL user to create a directory. > > > You could set the group of the mount point to the group of the > > > PostgreSQL user and use permissions 1770, which should be perfectly > safe. > > > > This exactly is the problem we are facing, to give you a summary, > > our NFS server is enabled with AT-TLS authentication > > and we are accessing the server via a proxy server (Haproxy). > > This acts as our NFS client and it is configured with the > > required client certificates. > > > > The outcome of above configuration is that any directory created > > in the NFS mount is always owned by the user in the certificates > > and if that user isn't present in the proxy container it is marked > > as nobody:nogroup, we tried various things like > > created the user similar to postgres user so that the users ids match > but > > always ended up giving error “data directory “/var/lib” has wrong > ownership > > > > Hence, we thought of skipping this check (Directory owner and postgres > user validation) and > > wanted to understand the implication of the same. > > No; don't. > > Simply mount the directory once, create a subdirectory with the > appropriate ownership and permissions, and there you go. > Problem solved. > > Yours, > Laurenz Albe > -- -regards Amol
