On 7/31/20 4:40 PM, Bee.Lists wrote:
However, the service isn’t starting because the ownership of the parent directory, pgbouncer:pgbouncer, results in some permissions issues:
2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile '/var/run/pgbouncer/pgbouncer.pid': Permission denied
I don't see a reason the DAC permissions would cause that. Have you checked /var/log/audit/audit.log for AVC denials during service startup?
/var/run/ has special flushing behaviour which I want to retain
What does that mean?
Changing ownership on this directory just results in an automatic ownership set by the service, so that’s not an option.
Why would changing ownership help? Are you running pgbouncer as a user other than the owner of the run directory, "pgbouncer"?
If so, ownership and permission of the run directories are typically set in a file in tmpfiles.d and managed by "systemd-tmpfiles". In this case, the /usr/lib/tmpfiles.d/pgbouncer.conf file.
- Is there another location that can achieve this?
You might need SELinux labels, but you can put PID files wherever you want them. But my advice would be to keep them in /var/run (/run, technically, the former is a symlink).
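
The check suggested in the reply (looking in /var/log/audit/audit.log for AVC denials during service startup), as an added example that is not part of the original message: a small parser that extracts the denials logged for one command name. The log lines, PIDs and SELinux labels in the sample are constructed, and the function name `avc_denials` is hypothetical.

```python
import re

# Constructed sample in audit.log format; the PIDs, inode numbers and SELinux
# labels are illustrative and not taken from the poster's system.
SAMPLE_AUDIT_LOG = """\
type=SERVICE_START msg=audit(1596185913.900:410): pid=1 uid=0 msg='unit=pgbouncer comm="systemd" res=failed'
type=AVC msg=audit(1596185914.089:412): avc:  denied  { write } for  pid=3682 comm="pgbouncer" name="pgbouncer" dev="tmpfs" ino=45678 scontext=system_u:system_r:pgbouncer_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1596185914.089:413): avc:  denied  { add_name } for  pid=3682 comm="pgbouncer" name="pgbouncer.pid" scontext=system_u:system_r:pgbouncer_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1596185920.500:420): avc:  denied  { read } for  pid=901 comm="chronyd" name="adjtime" dev="dm-0" ino=1234 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1596185921.000:421): avc:  granted  { read } for  pid=3682 comm="pgbouncer" name="pgbouncer.ini" scontext=system_u:system_r:pgbouncer_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# Permission list of a denial, e.g. "avc:  denied  { write add_name }".
PERMS_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
# key=value pairs; values are either double-quoted or a run of non-space text.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def avc_denials(log_text, comm):
    """Return one dict per AVC denial logged for the given command name."""
    denials = []
    for line in log_text.splitlines():
        if not line.startswith("type=AVC "):
            continue  # other audit record types are not SELinux decisions
        perms = PERMS_RE.search(line)
        if perms is None:
            continue  # "granted" records and malformed lines are skipped
        fields = {key: value.strip('"') for key, value in FIELD_RE.findall(line)}
        if fields.get("comm") != comm:
            continue
        denials.append({
            "perms": perms.group(1).split(),
            "name": fields.get("name"),
            "scontext": fields.get("scontext"),
            "tcontext": fields.get("tcontext"),
            "tclass": fields.get("tclass"),
        })
    return denials


if __name__ == "__main__":
    for d in avc_denials(SAMPLE_AUDIT_LOG, "pgbouncer"):
        print(d["perms"], d["tclass"], d["name"], d["scontext"], "->", d["tcontext"])
```

An empty result for the service's command name points away from SELinux and back toward ownership, mode or the tmpfiles.d entry for the run directory.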