Monday, 16 November 2020

macOS Big Sur upgrade breaking PostgreSQL installations

Update: I, and others have subsequently been unable to reproduce the problem below. If you do run into the issue, please let me know in the comments below.

Some of the readers of my blog may be aware that I'm responsible for the PostgreSQL Installers produced by EDB for the PostgreSQL Community. This includes both the Windows and macOS installers, and the now-deprecated Linux installers (use RPMs/DEBs instead)!

Over the weekend I upgraded my laptop to the new Big Sur release from Apple, a.k.a. macOS 11.0. Everything went just fine until I tried to connect to my PostgreSQL 13 development server and found it had failed to startup. I did some digging, and quickly found that there was a permissions problem:

dpage@hal:~$ sudo su - postgres -c '/Library/PostgreSQL/13/bin/postmaster -D/Library/PostgreSQL/13/data'
2020-11-16 16:00:18.544 GMT [9532] FATAL:  data directory "/Library/PostgreSQL/13/data" has invalid permissions
2020-11-16 16:00:18.544 GMT [9532] DETAIL:  Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).

Thankfully that's pretty easy to fix:

sudo chmod 0700 /Library/PostgreSQL/13/data

LaunchDaemon then tried again to start PostgreSQL, and succeeded:

dpage@hal:~$ ps -ef |grep postgres
  503  9548  9547   0  4:02pm ??         0:00.00 postgres: logger  
  503  9550  9547   0  4:02pm ??         0:00.00 postgres: checkpointer  
  503  9551  9547   0  4:02pm ??         0:00.00 postgres: background writer  
  503  9552  9547   0  4:02pm ??         0:00.00 postgres: walwriter  
  503  9553  9547   0  4:02pm ??         0:00.00 postgres: autovacuum launcher  
  503  9554  9547   0  4:02pm ??         0:00.00 postgres: stats collector  
  503  9555  9547   0  4:02pm ??         0:00.00 postgres: logical replication launcher  
  503  9556  9547   0  4:02pm ??         0:00.03 postgres: postgres ml ::1(49777) idle 
  501  9558  9469   0  4:02pm ttys004    0:00.00 grep postgres

So what happened here? It looks like the upgrade process for Big Sur "fixed" the permissions on the data directory to set them to what it thought was appropriate. Unfortunately, the new permissions are considered too broad by PostgreSQL which refuses to start to draw attention to the possible security issue.

Since correcting the permissions I've rebooted my machine and found that they stayed correct, so it's likely this issue happened during the upgrade process, and not as part of the boot process or some other process that periodically "fixes" permissions.

I've also tried installing PostgreSQL 12, and found that a fresh installation works as it should; the installer correctly sets the permissions on the data directory and PostgreSQL happily starts.

So, if you upgrade to Big Sur and PostgreSQL stops working, check that the upgrade process hasn't modified the permissions on the data directory. The directory should look like this:

dpage@hal:~$ ls -al /Library/PostgreSQL/13 | grep data
drwx------  31 postgres  daemon    992 16 Nov 16:02 data

We will be raising this issue with Apple.

No comments: