Postgres launchd script suggestions
Weissmann Markus
mww at macports.org
Sun Jun 10 04:36:49 PDT 2007
On 9 Jun 2007, at 15:42, Jyrki Wahlstedt wrote:
>
> On 7.6.2007, at 18.19, Christian Voelker wrote:
>
>> Hello Markus and Jyrki,
>>
>> I am running PostgreSQL as built by macports since some time
>> with great success (currently I have a little issue on a G5
>> iMac, by I have to investigate that myself before screaming).
>> Thank you for your porting efforts, package maintainance and
>> fast response to updates!
>>
> Thanks!
>
>> With every update, I have to replace one file manually with
>> a slightly modified version though. I believe that my mods
>> would not break anybodies installation but enhance the over-
>> all experience in some cases. Thus, I have put together a
>> little patch. Please discuss or integrate in case you decide
>> that this is a good mod. Obviously, I myself would benefit
>> the most from this ;-). the file in question is:
>>
>> /opt/local/etc/LaunchDaemons/org.macports.postgresql82-server/
>> postgresql82-server.wrapper
>>
>> Here comes the patchfile. If the format does not fit your
>> needs, please tell me how to do better or point me to a
>> place telling how to do it.
>>
>> <postgresql82-server.wrapper.patch.unified>
>>
> The format is perfect.
>>
>> Some comments on the two issues I am addresing with my changes.
>> First, the postgres user account. The Macs I am running Postgres
>> on are also used interactively. The Login screen is set to list
>> mode. Unlike other unix accounts created for use by daemons, the
>> postgres account shows up in this list, which adds confusion to
>> other users accessing this machine. This behaviour can be sup-
>> pressed by setting the shell variable in the NetInfo database
>> to /usr/bin/false as shown with many Apple supplied software.
>
> The user account is something that needs some work. I agree that
> the user created here shouldn't be visible in different lists.
> However, I may be wrong, but I have thought that user visibility is
> governed by user ID that for most daemon users is less than 100
> that is the horizon in this case. The id area below 100 is however
> Apple's area, so we can't create any id there.
> I must admit that I use a slightly modified version of Portfile
> just to be sure that I don't create superfluous users. Maybe I am
> too cautious but I use a version that adds the user only if it does
> not exist already. This is not yet in the Portfile yet, maybe I
> have the wrong impression of how adduser command in Portfile works...
This one would need to be fixed in the port(1) tool - I don't know
how this currently is implemented. Best would be to discuss this one
the developers mailing list!
>>
>> The drawback of denying interactive login to such user accounts
>> is in testing and boot scripts. A way around this is to call su
>> with -m option which inherits the environment from root, which
>> is the user account used by the invoking launchd service. I cant
>> see this to be harmful unless you were used to setting environ-
>> ment variables in another place then /etc/profile which I use for
>> this purpose. Please note, that setting shell to /usr/bin/false
>> could be done by your install scripts using niutil. This would
>> be the next step in sophistication not shown in my patch.
>>
>>
>> The other place of modification is a short hint to the user on
>> how to set the environment variable POSTGRESQL82DATA to a value
>> of their choice. I had to do this when I decided on my scheme for
>> database backup. Actually, I keep the whole macports directory
>> structure under /Library/Macports with fresh installs. I do this
>> to avoid /opt showing up in the root directory. I feel in sync
>> with Apples policy on places to install 3rd party software and
>> with macports installing interactive apps such as Abiword in a
>> folder called /Applications/Macports. I also keep working data
>> of any installed additional services such as CVS in directories
>> named /Library/Name_of_service to ease backup. Other users might
>> decide to keep such data under /Users/Shared/ or wherever.
>>
> /opt is the place, I used /usr/local earlier, but changed that
> later. There is nothing wrong in creating subdirectories in /.
> Everybody has a way of work, and the tools should be adaptable.
>
>> Lastly, I like to use Console.app to read Logfiles. Console.app
>> comes prefconfigured with three directories in the side column,
>> where to look for logfiles. These three folders seem to be hard
>> wired, which might not be that smart from Apple, but which makes
>> it barely usable for Logfiles burried deep inside the directory
>> structure of macports. I feel users should be supported if they
>> like to keep their Logfiles elsewhere. The three folders in the
>> sidebar are (~)/Library/Logs and /var/log respectively. With the
>> rationale mentioned above, I keep Logfiles under /Library/Logs/.
>>
>> I had to figure out myself, how to set POSTGRESQL82DATA without
>> modifying the wrapper provided by you myself. I feel that every-
>> body who tries to do so will come to this place and thus found
>> this the right place for a comment. i also introduced a variable
>> for the logging directory.
>>
> I use Console.app to read logfiles, too. There is no problem in
> making it read log files elsewhere in the system. I myself have
> Apache2 log files open from /opt/local/apache2/logs.
> I am also not sure of copying a user's environment for port. This
> is perhaps a bit paranoid, but ports should reside in a totally
> controlled environment.
>
> with best greetings,
> Jyrki Wahlstedt
>
salut,
-Markus
---
Markus W. Weissmann
http://www.mweissmann.de/
More information about the macports-users
mailing list