Centos – How to grant access to /var/run to postgres on CentOS

centoshttpdpermissionspostgresqlsystemd

After installing postgres-9.3 via yum in my CentOS 7, its default configuration puts socket in /tmp directory. I have httpd (installed via yum as well) which is by default managed by system.d with PrivateTmp option enabled. This means that any web application running on httpd can't access /tmp so connect to postgres. I have changed postgres configuration so it should put its socket in /var/run/postgres just like in Ubuntu.

Now the problem is, that postgres doesn't have enough privileges to write to /var/run. My first though was to do just:

chown postgres:postgres /var/run/postgres

But /var/run directory is cleaned after reboot so this won't work. My question is:

How to grant access to /var/run/postgres for postgres user in such a way that will persist reboots? I don't want to change socket location and I don't want to change httpd's system.d configuration. I just want postgres to be able to write to /var/run/postgres. Any help is much appreciated.

Best Answer

Are you sure the socket is only in /tmp on CentOS 7?

Recent versions of Fedora have two copies of the socket, one in /run/postgresql (which is where /var/run/postgresql is really located after links are resolved) which is the preferred version on modern systems, and one in /tmp for legacy clients that expect to find it there.

In any case if you do need to ensure the directory is created at boot then use a tmpfiles.d file, like /usr/lib/tmpfiles.d/postgresql.conf which ships in Fedora and contains:

d /var/run/postgresql 0755 postgres postgres -

Related Solutions

Centos – How to install APC and Memcache on CentOS WITHOUT installing the PHP package

Your custom-compiled PHP should have installed pecl, and configured it properly.

Have you tried running "pecl install apc"?

If your system is not finding pecl, it's probable that you used some funny --prefix when you ./configure'd PHP.

For instance, if you compiled php like this:

$ ./configure --prefix=/foo
$ make
# make install

then you'll either want to get /foo/bin into $PATH, or you could just run

$ /foo/bin/pecl install apc

EDIT: Now I remember: try pecl install apc-beta. Something is screwy with 5.3.3 and non-beta APC. My experience is apc-beta works fine.

Linux – Allow all users of a group to start and stop zope using supervisorctl

Take a look at unix-http-server section. Change your configuration file as belows:

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0770                  ; sockef file mode (default 0700)
chown=zope:zoperun          ; socket file uid:gid owner
;username=user              ; (default is no username (open server))
;password=123               ; (default is no password (open server))

This make the socket file can be read, write by users in zoperun group:

ll /tmp/supervisor.sock 
srwxrwx--- 1 zope zoperun 0 Sep 30 16:54 /tmp/supervisor.sock

Finally, add all users you want to allow start/stop Zope instance into zoperun group and testing with normal user, you will see something like this:

$ supervisorctl status
foo                              STARTING

Best Answer

Related Solutions

Centos – How to install APC and Memcache on CentOS WITHOUT installing the PHP package

Linux – Allow all users of a group to start and stop zope using supervisorctl

Related Topic