Versions Compared

Old Version 35

changes.mady.by.user Former user

Saved on

compared with

New Version 36

changes.mady.by.user Luke Fritz (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When Linux starts a service, Linux also runs a startup script. The startup script runs when the machine powers on or when a service manually starts. The startup script startup script typically runs tasks that relate to the starting, stopping, and restarting of a service.

For database services, the startup script startup script typically runs tasks that occur in folders that hold database files. With encrypted database files, you must allow the startup script the startup script to access the database folders. If not, the database will not start properly, and in some cases, interfere with the power on process for the machine.  


Common GuardPoints

The system needs to access the commonly guarded (encrypted) folders inside of of /var/lib/pgsql.


Access to GuardPoints

...

For instance if the GuardPoint is /var/lib/pgsql/, then your resource would only be be pg_log.

The resources that the pgsql startup script will need access are:

  • /pg_log  

  • /PG_VERSION

  • /base  

  • /postmaster.pid

The following image shows the files that should be included in the Resource Set, specifically for Postgres:

...

Allow startup scripts to access encrypted PostgreSQL databases

  1. Log into your DSM as Security as Security Administrator.  

  2. In the menu bar, click Polices, and then click Manage Policies. 

  3. Mark the policy that guards your databases, such as as /var/ib/sql/data, and then click Add.  

  4. Under Security Rules, click Add.   

  5. Next to Resource, click Select.  

  6. In the window that appears, click Add.  

  7. In Name, enter a descriptive name for your Resource Set.  

  8. Click Add to specify a resource that will need to be accessed in the GuardPoint upon startup.  

  9. In File, enter the specified file that needs to be accessed upon startup, and then click Ok.

    • For example, in the image below, four resources are included in the Resource Set (pg_log, /PG_VERSION, /base, and /psotmaster.pid). These resource must be added one at a time.



  10. (Optional) To add resources, repeat steps 8 - 10.

  11. Mark the newly created Resource Set, and then click Select Resource Set.  In In the window that appears, Resource is populated with the newly created Resource Set.

  12. Next to Effect, click Select.  

  13. Mark Permit and Apply.  

  14. Click Select Effect.  

  15. Click Ok.  

  16. Mark the rule, and then click Up to move the new rule above the catch-all rule.  



  17. Click Ok, and then click click Apply to save the changes.  

  18. (Optional) You should test to make sure your system is running properly.  




Was this helpful?