You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
For any historians who stumble here, it is actually more subtle than that and my motivation was not to get shell history, but because Postgres is subtly broken without executing in a shell-capable environment. See da504b6 (temporary and may go away in the future)
da504b673918f44921907aa5ef318a1eb292f7dd nixos/postgresql: give the postgres user a homedir and shell
For certain SQL operations such as
COPY (...) [TO|FROM] PROGRAM '...' WITH (FORMAT CSV)
the designated PostgreSQL server user must be able to execute the
specified program and pipe the data into it; however, Postgres executes
these commands *under a shell* in order to support features such as
traditional piping, for commands like split or gzip. With no homedir and
no shell assigned, Postgres fails to execute the shell, resulting in a
hang that then later results in the query failing. Depending on the
program and query executed, this may happen at seemingly random times
due to buffering/piping issues.
While it isn't traditional to assign a shell to the database user (at
least on NixOS), doing so restores this functionality, which is
extremely useful for e.g. bulk ETL pipelines that copy to/from external
data files.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
So this is actually an important bug-fixing change, nonetheless (I suppose homeDir isn't strictly needed but it doesn't hurt and being there by default is probably reasonable when you do things like sudo -i -u postgres, too, like if you want to edit pg_hba.conf)
82feb4b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems unusual, could you maybe add a comment (here or perhaps in the code) explaining this? Is it something everyone should have enabled?
82feb4b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it unusual? The motivation is that you use postgres user to access root of the database and by having a shell set, you get shell history, etc.
82feb4b
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For any historians who stumble here, it is actually more subtle than that and my motivation was not to get shell history, but because Postgres is subtly broken without executing in a shell-capable environment. See da504b6 (temporary and may go away in the future)
So this is actually an important bug-fixing change, nonetheless (I suppose
homeDir
isn't strictly needed but it doesn't hurt and being there by default is probably reasonable when you do things likesudo -i -u postgres
, too, like if you want to editpg_hba.conf
)