Michael Paquier <michael.paqu...@gmail.com> writes:
> On Tue, Dec 5, 2017 at 11:15 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>> The general theory I'm operating on is that we should endeavor to
>> let the database start in any situation where that doesn't involve
>> a data-corruption hazard. Yeah, it might not be nice if we leave
>> GB worth of temp files around, but is a postmaster start failure
>> better? I don't think so.
> I am getting the feeling that we are going to see people complain
> about those files lying around as well... That's as far as my opinion
> goes.
Perhaps, but surely it's inconsistent to consider that opendir()
failure is fatal while failing to unlink individual temp files
found by the directory scan is not. As an example, a pretty likely
scenario is that somehow a temp directory has been made unwritable
by the postmaster. The old coding would have let that pass without
even a bleat in the postmaster log; but it results in just the same
amount of disk space leakage as ignoring the temp directory because
we couldn't opendir() it.
regards, tom lane
