I?ve installed pgbouncer on CentOS7 and it?s reliant upon a .pid file: 2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: 'logfile' = '/var/log/pgbouncer/pgbouncer.log' 2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: 'logfile' = '/var/log/pgbouncer/pgbouncer.log' ok:1 2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: 'pidfile' = '/var/run/pgbouncer/pgbouncer.pid' 2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: 'pidfile' = '/var/run/pgbouncer/pgbouncer.pid' ok:1 However the service isn?t starting because the ownership of the parent directory, pgbouncer:pgbouncer results in some permissions issues: 2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile '/var/run/pgbouncer/pgbouncer.pid': Permission denied /var/run/ has special flushing behaviour which I want to retain, but I need to get around this permission issue. Changing ownership on this directory just results in an automatic ownership set by the service, so that?s not an option. - Is there another location that can achieve this? - Is there any other way to solve this? I can?t find anything online, other than the same permissions issue for .pid files in this location. Cheers, Bee
On 7/31/20 4:40 PM, Bee.Lists wrote:> However the service isn?t starting because the ownership of the parent directory, pgbouncer:pgbouncer results in some permissions issues: > > 2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile '/var/run/pgbouncer/pgbouncer.pid': Permission deniedI don't see a reason the DAC permissions would cause that.? Have you checked /var/log/audit/audit.log for AVC denials during service startup?> /var/run/ has special flushing behaviour which I want to retainWhat does that mean?> Changing ownership on this directory just results in an automatic ownership set by the service, so that?s not an option.Why would changing ownership help?? Are you running pgbouncer as a user other than the owner of the run directory, "pgbouncer"? If so, ownership and permission of the run directories are typically set in a file in tmpfiles.d and managed by "systemd-tmpfiles".? In this case, the /usr/lib/tmpfiles.d/pgbouncer.conf file.> - Is there another location that can achieve this?You might need SELinux labels, but you can put PID files where ever you want them.? But my advice would be to keep them in /var/run (/run, technically, the former is a symlink).
Reasonably Related Threads
- running tomcat as non-root user.. (/var/run pidfile issue)
- clamd@amavisd fails under systemd
- Compiling Samba 4.7 with systemd support on Fedora 26
- [PATCH] tftpd.c: write a pid file in standalone mode
- [PATCH] Create /var/run/tftpd-hpa.pid in standalone mode