On 2015-05-25 21:33:03 -0400, Robert Haas wrote: > On Mon, May 25, 2015 at 2:20 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > > Perhaps, but if we didn't have permission to write the file, it's hard to > > argue that it's our responsibility to fsync it. So this seems like it's > > adding complexity without really adding any safety. > > I agree. I think ignoring fsync failures is a very sensible approach. > If the files are not writable, they're probably not ours.
The reason we started discussing this is because Tom had the - quite reasonable - concern that this might not solely be a problem of EACCESS, but that there could be other errors that we need to ignore to not fail spuriously. Say a symlink goes to a binary, which is currently being executed: ETXTBSY. Or the file is in a readonly filesystem: EROFS. So we'd need to ignore a lot of errors, possibly ignoring valid ones. I personally can see why people will put things in PGDATA itself, if you put unreadable stuff in some subdirectory that you didn't create yourself, I see much less reason to tolerate that. Another thing is whether we should handle a recursive symlink in pgdata? I personally think not, but... It's also not just as simple as making fsync_fname fail gracefully upon EACCESS - the opendir() could fail just as well. Greetings, Andres Freund -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
