Re: systemd & postgresql - flooding system log
On Fri, Jul 14, 2017 at 05:07:22PM -0500, Don Armstrong wrote:
>...
> This plugin is horribly designed, and runs su - $DBUSER -c [...] for its
> functioning.
>
> It should instead just su $DBUSER -c [...]; or better yet, not actually
> su to the database user, and instead run as a user which only has the
> ability to read the appropriate tables and cannot also write to.
>
> If you fix that so that it doesn't start a login session, you'll fix
> the excessive number of sessions created.
Unfortunately removing `-' didn't helped.
On Sat, Jul 15, 2017 at 12:30:41AM +0200, Michael Biebl wrote:
> Am 15.07.2017 um 00:07 schrieb Don Armstrong:
> > This plugin is horribly designed, and runs su - $DBUSER -c [...] for its
> > functioning.
>
> Indeed.
>
> > It should instead just su $DBUSER -c [...]; or better yet, not actually
> > su to the database user, and instead run as a user which only has the
> > ability to read the appropriate tables and cannot also write to.
>
> There is an alternative utility called runuser which is more suitable
> for such cases.
> It uses a different pam config and doesn't start a systemd logind session.
Bingo! This helped runuser instead of su.
su - $DBUSER -c [...]
to
runuser -c [...] $DBUSER
Thanks
--
Zito
Reply to: