Monday, November 29, 2010

Recursive setfacl or how to add your PostgreSQL data directory to Git

This was an interesting annoyance.

I was working on some examples and wanted to be able to delete everything cleanly after I was done.

I had an instance of JBoss and wanted PostgreSQL to use a local directory for data.

My directory structure was:
example/
    data
    jboss-eap-5.1
    logs

I had a user "postgres" to run PostgreSQL. Since the rest of the directory was created by me, "jeremy," I used setfacl to add "postgres" to the data directory:
setfacl -m u:postgres:rwx ./data/

When I ran:
initdb -D data/

It wasn't happy. I got:
"initdb: could not change permissions of directory"

Next up was:
sudo chown -R postgres:postgres data/

That worked for "initdb." I was able to su to the "postgres" user and execute "initdb" in "data/."

I was happy until I tried to add "data/" to Git:
[jeremy@jeremy example]$ git add data
error: open("data/PG_VERSION"): Permission denied
error: unable to index file data/PG_VERSION
fatal: adding files failed

setfacl to the rescue!
sudo setfacl -Rm u:jeremy:rwx ./data/

Unfortunately I got the same error.
I was missing the important "d" argument. The following worked:
sudo setfacl -Rm u:jeremy:rwx,d:u:jeremy:rwx ./data/
"sudo" was necessary because of changing the ownership to the "postgres" user.

I added everything to Git.

The moral of this rambling story: use the "d" flag with setfacl to cascade permissions to the files.
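
An added example (not part of the original post) that shows what the "d:" entry changes: entries applied with -R cover only what exists at that moment, while default entries are inherited by files created later. It assumes the Linux acl tools and a filesystem with POSIX ACL support; the scratch directory stands in for data/ and the current uid stands in for "jeremy".

```shell
#!/bin/sh
# Added example: access ACL entries vs. default ("d:") entries.
# Assumptions: Linux acl tools (setfacl/getfacl) and a filesystem with POSIX
# ACL support. A scratch directory stands in for data/, and the current
# numeric uid stands in for the "jeremy" account.

acl_uid=$(id -u)

# has_user_entry PATH: succeeds if PATH carries a named-user access entry
# for $acl_uid. Default entries print as "default:user:..." and do not match.
has_user_entry() {
    getfacl -n --omit-header -- "$1" 2>/dev/null | grep -q "^user:$acl_uid:"
}

yes_no() { if has_user_entry "$1"; then echo yes; else echo no; fi; }

# acl_demo access|default
# Builds a tree with one existing file, applies the ACL recursively, then
# creates a second file the way a daemon would after the grant was made.
acl_demo() {
    demo_spec="u:$acl_uid:rwx"
    if [ "$1" = default ]; then
        demo_spec="$demo_spec,d:u:$acl_uid:rwx"
    fi
    demo_root=$(mktemp -d) || return 1
    mkdir "$demo_root/data"
    : > "$demo_root/data/existing"
    if ! setfacl -Rm "$demo_spec" "$demo_root/data" 2>/dev/null; then
        rm -rf "$demo_root"
        return 1
    fi
    : > "$demo_root/data/created_later"
    echo "$1: existing=$(yes_no "$demo_root/data/existing")" \
         "later=$(yes_no "$demo_root/data/created_later")"
    rm -rf "$demo_root"
}

for demo_mode in access default; do
    acl_demo "$demo_mode" || echo "$demo_mode: setfacl unavailable or ACLs unsupported here"
done
```

Running "getfacl data/" on the real directory lists the inherited entries on lines starting with "default:", which is a quick way to review what every file written there later will grant.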