[CentOS] pgbouncer.pid Permissions on CentOS 7

Sat Aug 1 18:52:05 UTC 2020
Gordon Messmer <gordon.messmer at gmail.com>

On 7/31/20 4:40 PM, Bee.Lists wrote:
> However the service isn’t starting because the ownership of the parent directory, pgbouncer:pgbouncer results in some permissions issues:
>
>    2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile '/var/run/pgbouncer/pgbouncer.pid': Permission denied


I don't see a reason the DAC permissions would cause that.  Have you 
checked /var/log/audit/audit.log for AVC denials during service startup?


> /var/run/ has special flushing behaviour which I want to retain


What does that mean?


> Changing ownership on this directory just results in an automatic ownership set by the service, so that’s not an option.


Why would changing ownership help?  Are you running pgbouncer as a user 
other than the owner of the run directory, "pgbouncer"?

If so, ownership and permission of the run directories are typically set 
in a file in tmpfiles.d and managed by "systemd-tmpfiles".  In this 
case, the /usr/lib/tmpfiles.d/pgbouncer.conf file.


> - Is there another location that can achieve this?


You might need SELinux labels, but you can put PID files wherever you 
want them.  But my advice would be to keep them in /var/run (/run, 
technically, the former is a symlink).
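
The audit.log check suggested in the reply above, as an added example that is not part of the original message: a small shell function that pulls SELinux AVC denials for one command name out of audit.log-style input and prints the denied permission, target name, object class, and source and target contexts. The function name `avc_denials`, the helper `sample_log`, the sample records and the `example_daemon_t` type are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise SELinux AVC denials for one command name.
# Output per denial: permission|name|tclass|scontext|tcontext

avc_denials() {
    # $1 = value of the comm= field to match (e.g. pgbouncer); reads records on stdin
    awk -v want="$1" '
        $1 == "type=AVC" && / denied / {
            split("", f)                     # reset the key=value map for this record
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue        # tokens such as "avc:" or "denied"
                val = substr($i, eq + 1)
                gsub(/"/, "", val)           # comm= and name= values are quoted
                f[substr($i, 1, eq - 1)] = val
            }
            if (f["comm"] != want) next
            # the denied permission list sits between "{ " and " }"
            a = index($0, "{ "); b = index($0, " }")
            perm = (a && b > a) ? substr($0, a + 2, b - a - 2) : "?"
            print perm "|" f["name"] "|" f["tclass"] "|" f["scontext"] "|" f["tcontext"]
        }'
}

# Constructed sample records (not taken from the thread): one denial for
# pgbouncer, one for an unrelated daemon, and one non-AVC record.
sample_log() {
    cat <<'EOF'
type=SYSCALL msg=audit(1596185914.089:411): arch=c000003e syscall=2 success=no exit=-13 comm="pgbouncer" exe="/usr/bin/pgbouncer"
type=AVC msg=audit(1596185914.089:411): avc:  denied  { write } for  pid=3682 comm="pgbouncer" name="pgbouncer.pid" dev="tmpfs" ino=25017 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1596185920.412:415): avc:  denied  { read } for  pid=4001 comm="otherd" name="other.conf" dev="dm-0" ino=1337 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
EOF
}

# Demo on the constructed sample; on a real host, feed the audit log instead:
#   avc_denials pgbouncer < /var/log/audit/audit.log
sample_log | avc_denials pgbouncer
```

No output for the service's command name means the audit log recorded no SELinux denial for it, which points back at ownership, mode, or the tmpfiles.d entry for the run directory.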