unofficial mirror of guix-devel@gnu.org 
From: Martin Baulig <martin@baulig.is>
To: Felix Lechner <felix.lechner@lease-up.com>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>
Subject: Re: Postgres user UID and GID
Date: Mon, 17 Jul 2023 21:28:29 +0000
Message-ID: <LPtRrer4a8VYHpNxG-CTvZaAs4L__MhKFdNSsbqBYrB9fVV-kb9r0QluOJqd7FIs_Cxg2PUcy9nExGyy6XA2ltTMZUNAXwvZqMMeU6nZYEw=@baulig.is>
In-Reply-To: <CAFHYt55Zhui0Pbis_adbdcx8px-HXPmHTtvOiWRjZQuvxtyo_Q@mail.gmail.com>

Hello,

I had considered idmap before, but realized there might be a bit of a chicken-egg problem with it.  Even though that likely doesn't actually exist because GNU Guix is smart enough about it, the circular dependency still feels weird:

What I mean is that the NFS client would depend on the existence of the 'postgres' user, to put it into the idmap file, and to resolve its UID / GID on service startup.

But the PostgreSQL service also depends on the NFS share already being mounted, so the postgres process can access its data directory.

The only clean solution I could think of is to create the account during system initialization via an explicit entry in (operating-system (users ...)).  But then I won't need idmap because I can just hard-code the UID and GID there.

About running the database on the server - unfortunately, there is no official package for Synology's DSM and I don't feel good about some third-party sites that only provide binaries.  They also made some custom changes to the Linux kernel and use some kind of custom libc - it's a nightmare to install anything on that thing!

And the "official" recommendation that you get on Reddit, Stack Overflow, etc. about running PostgreSQL on Synology DSM is to install a Docker image.

I figured running GNU Guix in a VM to be a much better choice than messing with a bunch of Docker images.

Best regards,

Martin

------- Original Message -------
On Monday, July 17th, 2023 at 8:23 PM, Felix Lechner <felix.lechner@lease-up.com> wrote:


> Hi Martin,
> 
> On Mon, Jul 17, 2023 at 11:44 AM Martin Baulig martin@baulig.is wrote:
> 
> > I have decided to NFS-mount an encrypted shared folder
> 
> I use a similar setup and use Gocryptfs for encryption. How do you
> encrypt, please?
> 
> > there is a tiny little problem with PostgreSQL:
> > the UID and GID of the 'postgres' user need to match that of the server.
> 
> Perhaps I do not understand the needs of your setup completely.
> Doesn't 'idmapd' in NFSv4 address your conundrum effectively?
> 
> For performance reasons, I would discourage such a setup, though. It
> would be better to run Postgres on the NAS, if it is an option, or to
> replicate the database for backup purposes.
> 
> Kind regards
> Felix

