Pgbouncer.pid Permissions On CentOS 7
I’ve installed pgbouncer on CentOS7 and it’s reliant upon a .pid file:
2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: ‘logfile’ = ‘/var/log/pgbouncer/pgbouncer.log’
2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: ‘logfile’ = ‘/var/log/pgbouncer/pgbouncer.log’ ok:1
2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: ‘pidfile’ = ‘/var/run/pgbouncer/pgbouncer.pid’
2020-07-31 04:58:34.082 EDT [3682] DEBUG parse_ini_file: ‘pidfile’ = ‘/var/run/pgbouncer/pgbouncer.pid’ ok:1
However the service isn’t starting because the ownership of the parent directory, pgbouncer:pgbouncer results in some permissions issues:
2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile ‘/var/run/pgbouncer/pgbouncer.pid’: Permission denied
/var/run/ has special flushing behaviour which I want to retain, but I need to get around this permission issue. Changing ownership on this directory just results in an automatic ownership set by the service, so that’s not an option.
– Is there another location that can achieve this?
– Is there any other way to solve this?
I can’t find anything online, other than the same permissions issue for .pid files in this location.
Cheers, Bee
One thought on - Pgbouncer.pid Permissions On CentOS 7
I don’t see a reason the DAC permissions would cause that. Have you checked /var/log/audit/audit.log for AVC denials during service startup?
What does that mean?
Why would changing ownership help? Are you running pgbouncer as a user other than the owner of the run directory, “pgbouncer”?
If so, ownership and permission of the run directories are typically set in a file in tmpfiles.d and managed by “systemd-tmpfiles”. In this case, the /usr/lib/tmpfiles.d/pgbouncer.conf file.
You might need SELinux labels, but you can put PID files where ever you want them. But my advice would be to keep them in /var/run (/run, technically, the former is a symlink).