Hello Markus and Jyrki, I am running PostgreSQL as built by macports since some time with great success (currently I have a little issue on a G5 iMac, by I have to investigate that myself before screaming). Thank you for your porting efforts, package maintainance and fast response to updates! With every update, I have to replace one file manually with a slightly modified version though. I believe that my mods would not break anybodies installation but enhance the over- all experience in some cases. Thus, I have put together a little patch. Please discuss or integrate in case you decide that this is a good mod. Obviously, I myself would benefit the most from this ;-). the file in question is: /opt/local/etc/LaunchDaemons/org.macports.postgresql82-server/ postgresql82-server.wrapper Here comes the patchfile. If the format does not fit your needs, please tell me how to do better or point me to a place telling how to do it. Some comments on the two issues I am addresing with my changes. First, the postgres user account. The Macs I am running Postgres on are also used interactively. The Login screen is set to list mode. Unlike other unix accounts created for use by daemons, the postgres account shows up in this list, which adds confusion to other users accessing this machine. This behaviour can be sup- pressed by setting the shell variable in the NetInfo database to /usr/bin/false as shown with many Apple supplied software. The drawback of denying interactive login to such user accounts is in testing and boot scripts. A way around this is to call su with -m option which inherits the environment from root, which is the user account used by the invoking launchd service. I cant see this to be harmful unless you were used to setting environ- ment variables in another place then /etc/profile which I use for this purpose. Please note, that setting shell to /usr/bin/false could be done by your install scripts using niutil. This would be the next step in sophistication not shown in my patch. The other place of modification is a short hint to the user on how to set the environment variable POSTGRESQL82DATA to a value of their choice. I had to do this when I decided on my scheme for database backup. Actually, I keep the whole macports directory structure under /Library/Macports with fresh installs. I do this to avoid /opt showing up in the root directory. I feel in sync with Apples policy on places to install 3rd party software and with macports installing interactive apps such as Abiword in a folder called /Applications/Macports. I also keep working data of any installed additional services such as CVS in directories named /Library/Name_of_service to ease backup. Other users might decide to keep such data under /Users/Shared/ or wherever. Lastly, I like to use Console.app to read Logfiles. Console.app comes prefconfigured with three directories in the side column, where to look for logfiles. These three folders seem to be hard wired, which might not be that smart from Apple, but which makes it barely usable for Logfiles burried deep inside the directory structure of macports. I feel users should be supported if they like to keep their Logfiles elsewhere. The three folders in the sidebar are (~)/Library/Logs and /var/log respectively. With the rationale mentioned above, I keep Logfiles under /Library/Logs/. I had to figure out myself, how to set POSTGRESQL82DATA without modifying the wrapper provided by you myself. I feel that every- body who tries to do so will come to this place and thus found this the right place for a comment. i also introduced a variable for the logging directory. Yours, Christian
On 7.6.2007, at 18.19, Christian Voelker wrote:
Hello Markus and Jyrki,
I am running PostgreSQL as built by macports since some time with great success (currently I have a little issue on a G5 iMac, by I have to investigate that myself before screaming). Thank you for your porting efforts, package maintainance and fast response to updates!
Thanks!
With every update, I have to replace one file manually with a slightly modified version though. I believe that my mods would not break anybodies installation but enhance the over- all experience in some cases. Thus, I have put together a little patch. Please discuss or integrate in case you decide that this is a good mod. Obviously, I myself would benefit the most from this ;-). the file in question is:
/opt/local/etc/LaunchDaemons/org.macports.postgresql82-server/ postgresql82-server.wrapper
Here comes the patchfile. If the format does not fit your needs, please tell me how to do better or point me to a place telling how to do it.
<postgresql82-server.wrapper.patch.unified>
The format is perfect.
Some comments on the two issues I am addresing with my changes. First, the postgres user account. The Macs I am running Postgres on are also used interactively. The Login screen is set to list mode. Unlike other unix accounts created for use by daemons, the postgres account shows up in this list, which adds confusion to other users accessing this machine. This behaviour can be sup- pressed by setting the shell variable in the NetInfo database to /usr/bin/false as shown with many Apple supplied software.
The user account is something that needs some work. I agree that the user created here shouldn't be visible in different lists. However, I may be wrong, but I have thought that user visibility is governed by user ID that for most daemon users is less than 100 that is the horizon in this case. The id area below 100 is however Apple's area, so we can't create any id there. I must admit that I use a slightly modified version of Portfile just to be sure that I don't create superfluous users. Maybe I am too cautious but I use a version that adds the user only if it does not exist already. This is not yet in the Portfile yet, maybe I have the wrong impression of how adduser command in Portfile works...
The drawback of denying interactive login to such user accounts is in testing and boot scripts. A way around this is to call su with -m option which inherits the environment from root, which is the user account used by the invoking launchd service. I cant see this to be harmful unless you were used to setting environ- ment variables in another place then /etc/profile which I use for this purpose. Please note, that setting shell to /usr/bin/false could be done by your install scripts using niutil. This would be the next step in sophistication not shown in my patch.
The other place of modification is a short hint to the user on how to set the environment variable POSTGRESQL82DATA to a value of their choice. I had to do this when I decided on my scheme for database backup. Actually, I keep the whole macports directory structure under /Library/Macports with fresh installs. I do this to avoid /opt showing up in the root directory. I feel in sync with Apples policy on places to install 3rd party software and with macports installing interactive apps such as Abiword in a folder called /Applications/Macports. I also keep working data of any installed additional services such as CVS in directories named /Library/Name_of_service to ease backup. Other users might decide to keep such data under /Users/Shared/ or wherever.
/opt is the place, I used /usr/local earlier, but changed that later. There is nothing wrong in creating subdirectories in /. Everybody has a way of work, and the tools should be adaptable.
Lastly, I like to use Console.app to read Logfiles. Console.app comes prefconfigured with three directories in the side column, where to look for logfiles. These three folders seem to be hard wired, which might not be that smart from Apple, but which makes it barely usable for Logfiles burried deep inside the directory structure of macports. I feel users should be supported if they like to keep their Logfiles elsewhere. The three folders in the sidebar are (~)/Library/Logs and /var/log respectively. With the rationale mentioned above, I keep Logfiles under /Library/Logs/.
I had to figure out myself, how to set POSTGRESQL82DATA without modifying the wrapper provided by you myself. I feel that every- body who tries to do so will come to this place and thus found this the right place for a comment. i also introduced a variable for the logging directory.
I use Console.app to read logfiles, too. There is no problem in making it read log files elsewhere in the system. I myself have Apache2 log files open from /opt/local/apache2/logs. I am also not sure of copying a user's environment for port. This is perhaps a bit paranoid, but ports should reside in a totally controlled environment. with best greetings, Jyrki Wahlstedt
On Jun 9, 2007, at 08:42, Jyrki Wahlstedt wrote:
Some comments on the two issues I am addresing with my changes. First, the postgres user account. The Macs I am running Postgres on are also used interactively. The Login screen is set to list mode. Unlike other unix accounts created for use by daemons, the postgres account shows up in this list, which adds confusion to other users accessing this machine. This behaviour can be sup- pressed by setting the shell variable in the NetInfo database to /usr/bin/false as shown with many Apple supplied software.
The user account is something that needs some work. I agree that the user created here shouldn't be visible in different lists. However, I may be wrong, but I have thought that user visibility is governed by user ID that for most daemon users is less than 100 that is the horizon in this case. The id area below 100 is however Apple's area, so we can't create any id there.
Actually, JKH says user IDs below 500 are reserved by Apple: http://lists.macosforge.org/pipermail/macports-dev/2007-April/ 001240.html
On 9 Jun 2007, at 15:42, Jyrki Wahlstedt wrote:
On 7.6.2007, at 18.19, Christian Voelker wrote:
Hello Markus and Jyrki,
I am running PostgreSQL as built by macports since some time with great success (currently I have a little issue on a G5 iMac, by I have to investigate that myself before screaming). Thank you for your porting efforts, package maintainance and fast response to updates!
Thanks!
With every update, I have to replace one file manually with a slightly modified version though. I believe that my mods would not break anybodies installation but enhance the over- all experience in some cases. Thus, I have put together a little patch. Please discuss or integrate in case you decide that this is a good mod. Obviously, I myself would benefit the most from this ;-). the file in question is:
/opt/local/etc/LaunchDaemons/org.macports.postgresql82-server/ postgresql82-server.wrapper
Here comes the patchfile. If the format does not fit your needs, please tell me how to do better or point me to a place telling how to do it.
<postgresql82-server.wrapper.patch.unified>
The format is perfect.
Some comments on the two issues I am addresing with my changes. First, the postgres user account. The Macs I am running Postgres on are also used interactively. The Login screen is set to list mode. Unlike other unix accounts created for use by daemons, the postgres account shows up in this list, which adds confusion to other users accessing this machine. This behaviour can be sup- pressed by setting the shell variable in the NetInfo database to /usr/bin/false as shown with many Apple supplied software.
The user account is something that needs some work. I agree that the user created here shouldn't be visible in different lists. However, I may be wrong, but I have thought that user visibility is governed by user ID that for most daemon users is less than 100 that is the horizon in this case. The id area below 100 is however Apple's area, so we can't create any id there. I must admit that I use a slightly modified version of Portfile just to be sure that I don't create superfluous users. Maybe I am too cautious but I use a version that adds the user only if it does not exist already. This is not yet in the Portfile yet, maybe I have the wrong impression of how adduser command in Portfile works...
This one would need to be fixed in the port(1) tool - I don't know how this currently is implemented. Best would be to discuss this one the developers mailing list!
The drawback of denying interactive login to such user accounts is in testing and boot scripts. A way around this is to call su with -m option which inherits the environment from root, which is the user account used by the invoking launchd service. I cant see this to be harmful unless you were used to setting environ- ment variables in another place then /etc/profile which I use for this purpose. Please note, that setting shell to /usr/bin/false could be done by your install scripts using niutil. This would be the next step in sophistication not shown in my patch.
The other place of modification is a short hint to the user on how to set the environment variable POSTGRESQL82DATA to a value of their choice. I had to do this when I decided on my scheme for database backup. Actually, I keep the whole macports directory structure under /Library/Macports with fresh installs. I do this to avoid /opt showing up in the root directory. I feel in sync with Apples policy on places to install 3rd party software and with macports installing interactive apps such as Abiword in a folder called /Applications/Macports. I also keep working data of any installed additional services such as CVS in directories named /Library/Name_of_service to ease backup. Other users might decide to keep such data under /Users/Shared/ or wherever.
/opt is the place, I used /usr/local earlier, but changed that later. There is nothing wrong in creating subdirectories in /. Everybody has a way of work, and the tools should be adaptable.
Lastly, I like to use Console.app to read Logfiles. Console.app comes prefconfigured with three directories in the side column, where to look for logfiles. These three folders seem to be hard wired, which might not be that smart from Apple, but which makes it barely usable for Logfiles burried deep inside the directory structure of macports. I feel users should be supported if they like to keep their Logfiles elsewhere. The three folders in the sidebar are (~)/Library/Logs and /var/log respectively. With the rationale mentioned above, I keep Logfiles under /Library/Logs/.
I had to figure out myself, how to set POSTGRESQL82DATA without modifying the wrapper provided by you myself. I feel that every- body who tries to do so will come to this place and thus found this the right place for a comment. i also introduced a variable for the logging directory.
I use Console.app to read logfiles, too. There is no problem in making it read log files elsewhere in the system. I myself have Apache2 log files open from /opt/local/apache2/logs. I am also not sure of copying a user's environment for port. This is perhaps a bit paranoid, but ports should reside in a totally controlled environment.
with best greetings, Jyrki Wahlstedt
salut, -Markus --- Markus W. Weissmann http://www.mweissmann.de/
participants (4)
-
Christian Voelker
-
Jyrki Wahlstedt
-
Ryan Schmidt
-
Weissmann Markus