2 $Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.158 2002/11/21 06:36:08 tgl Exp $
6 <Title>Server Run-time Environment</Title>
9 This chapter discusses how to set up and run the database server
10 and the interactions with the operating system.
13 <sect1 id="postgres-user">
14 <title>The <productname>PostgreSQL</productname> User Account</title>
17 <primary>postgres user</primary>
21 As with any other server daemon that is connected to outside world,
22 it is advisable to run <productname>PostgreSQL</productname> under a
23 separate user account. This user account should only own the data
24 that is managed by the server, and should not be shared with other
25 daemons. (For example, using the user <quote>nobody</quote> is a bad
26 idea.) It is not advisable to install executables owned by
27 this user because compromised systems could then modify their own
32 To add a Unix user account to your system, look for a command
33 <command>useradd</command> or <command>adduser</command>. The user
34 name <systemitem>postgres</systemitem> is often used but is by no
39 <sect1 id="creating-cluster">
40 <title>Creating a Database Cluster</title>
43 <primary>database cluster</primary>
47 <primary>data area</primary>
48 <see>database cluster</see>
52 Before you can do anything, you must initialize a database storage
53 area on disk. We call this a <firstterm>database cluster</firstterm>.
54 (<acronym>SQL</acronym> uses the term catalog cluster instead.) A
55 database cluster is a collection of databases is accessible by a
56 single instance of a running database server. After initialization, a
57 database cluster will contain a database named
58 <literal>template1</literal>. As the name suggests, this will be used
59 as a template for subsequently created databases; it should not be
60 used for actual work. (See <xref linkend="managing-databases"> for information
61 about creating databases.)
65 In file system terms, a database cluster will be a single directory
66 under which all data will be stored. We call this the <firstterm>data
67 directory</firstterm> or <firstterm>data area</firstterm>. It is
68 completely up to you where you choose to store your data. There is no
69 default, although locations such as
70 <filename>/usr/local/pgsql/data</filename> or
71 <filename>/var/lib/pgsql/data</filename> are popular. To initialize a
72 database cluster, use the command <command>initdb</command>, which is
73 installed with <productname>PostgreSQL</productname>. The desired
74 file system location of your database system is indicated by the
75 <option>-D</option> option, for example
77 <prompt>$</> <userinput>initdb -D /usr/local/pgsql/data</userinput>
79 Note that you must execute this command while logged into the
80 <productname>PostgreSQL</productname> user account, which is
81 described in the previous section.
87 <primary><envar>PGDATA</envar></primary>
89 As an alternative to the <option>-D</option> option, you can set
90 the environment variable <envar>PGDATA</envar>.
95 <command>initdb</command> will attempt to create the directory you
96 specify if it does not already exist. It is likely that it will not
97 have the permission to do so (if you followed our advice and created
98 an unprivileged account). In that case you should create the
99 directory yourself (as root) and change the owner to be the
100 <productname>PostgreSQL</productname> user. Here is how this might
103 root# <userinput>mkdir /usr/local/pgsql/data</userinput>
104 root# <userinput>chown postgres /usr/local/pgsql/data</userinput>
105 root# <userinput>su postgres</userinput>
106 postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
111 <command>initdb</command> will refuse to run if the data directory
112 looks like it it has already been initialized.</para>
115 Because the data directory contains all the data stored in the
116 database, it is essential that it be secured from unauthorized
117 access. <command>initdb</command> therefore revokes access
118 permissions from everyone but the
119 <productname>PostgreSQL</productname> user.
123 However, while the directory contents are secure, the default
124 client authentication setup allows any local user to connect to the
125 database and even become the database superuser. If you don't trust
126 other local users, we recommend you use <command>initdb</command>'s
127 <option>-W</option> or <option>--pwprompt</option> option to assign a
128 password to the database superuser. After <command>initdb</command>,
129 modify the <filename>pg_hba.conf</filename> file to use <literal>md5</> or
130 <literal>password</> instead of <literal>trust</> authentication
131 <emphasis>before</> you start the server for the first time. (Other,
132 approaches include using <literal>ident</literal> authentication or
133 file system permissions to restrict connections. See <xref
134 linkend="client-authentication"> for more information.)
138 <indexterm><primary>locale</></>
139 <indexterm><primary>LC_COLLATE</></>
140 <command>initdb</command> also initializes the default locale for
141 the database cluster. Normally, it will just take the locale
142 settings in the environment and apply them to the initialized
143 database. It is possible to specify a different locale for the
144 database; more information about that can be found in <xref
145 linkend="locale">. One surprise you might encounter while running
146 <command>initdb</command> is a notice similar to this:
148 The database cluster will be initialized with locale de_DE.
149 This locale setting will prevent the use of indexes for pattern matching
150 operations. If that is a concern, rerun initdb with the collation order
151 set to "C". For more information see the Administrator's Guide.
153 This is intended to warn you that the currently selected locale
154 will cause indexes to be sorted in an order that prevents them from
155 being used for <literal>LIKE</> and regular-expression searches. If you need
156 good performance in such searches, you should set your current
157 locale to <literal>C</> and re-run <command>initdb</command>, e.g.,
158 by running <literal>initdb --lc-collate=C</literal>. The sort
159 order used within a particular database cluster is set by
160 <command>initdb</command> and cannot be changed later, short of
161 dumping all data, rerunning <command>initdb</command>, and
162 reloading the data. So it's important to make this choice correctly
167 <sect1 id="postmaster-start">
168 <title>Starting the Database Server</title>
172 <primary>postmaster</primary>
174 Before anyone can access the database, you must start the database
175 server. The database server is called
176 <firstterm>postmaster</firstterm>. The postmaster must know where to
177 find the data it is supposed to use. This is done with the
178 <option>-D</option> option. Thus, the simplest way to start the
181 $ <userinput>postmaster -D /usr/local/pgsql/data</userinput>
183 which will leave the server running in the foreground. This must be
184 done while logged into the <productname>PostgreSQL</productname> user
185 account. Without <option>-D</option>, the server will try to use
186 the data directory in the environment variable <envar>PGDATA</envar>.
187 If neither of these succeed, it will fail.
191 To start the <application>postmaster</application> in the
192 background, use the usual shell syntax:
194 $ <userinput>postmaster -D /usr/local/pgsql/data > logfile 2>&1 &</userinput>
196 It is an important to store the server's <systemitem>stdout</> and
197 <systemitem>stderr</> output somewhere, as shown above. It will help
198 for auditing purposes and to diagnose problems. (See <xref
199 linkend="logfile-maintenance"> for a more thorough discussion of log
205 <primary>TCP/IP</primary>
207 The postmaster also takes a number of other command line options. For
208 more information, see the reference page and <xref
209 linkend="runtime-config"> below. In particular, in order for the
210 server to accept TCP/IP connections (rather than just Unix domain
211 socket ones), you must specify the <option>-i</option> option.
216 <primary>pg_ctl</primary>
218 This shell syntax can get tedious quickly. Therefore the shell
219 script wrapper <application>pg_ctl</application> is provided to
220 simplify some tasks. For example:
222 pg_ctl start -l logfile
224 will start the server in the background and put the output into the
225 named log file. The <option>-D</option> option has the same meaning
226 here as in the postmaster. <application>pg_ctl</application> is also
227 capable of stopping the server.
231 Normally, you will want to start the database server when the
232 computer boots. Autostart scripts are operating system-specific.
233 There are a few distributed with
234 <productname>PostgreSQL</productname> in the
235 <filename>/contrib/start-scripts</> directory. This may require root
240 Different systems have different conventions for starting up daemons
241 at boot time. Many systems have a file
242 <filename>/etc/rc.local</filename> or
243 <filename>/etc/rc.d/rc.local</filename>. Others use
244 <filename>rc.d</> directories. Whatever you do, the server must be
245 run by the <productname>PostgreSQL</productname> user account
246 <emphasis>and not by root</emphasis> or any other user. Therefore you
247 probably should form your commands using <literal>su -c '...'
248 postgres</literal>. For example:
250 su -c 'pg_ctl start -D /usr/local/pgsql/data -l serverlog' postgres
255 Here are a few more operating system specific suggestions. (Always
256 replace these with the proper installation directory and the user
262 For <productname>FreeBSD</productname>, look at the file
263 <filename>contrib/start-scripts/freebsd</filename> in the
264 <productname>PostgreSQL</productname> source distribution.
265 <indexterm><primary>FreeBSD</></>
271 On <productname>OpenBSD</productname>, add the following lines
272 to the file <filename>/etc/rc.local</filename>:
273 <indexterm><primary>OpenBSD</></>
275 if [ -x /usr/local/pgsql/bin/pg_ctl -a -x /usr/local/pgsql/bin/postmaster ]; then
276 su - -c '/usr/local/pgsql/bin/pg_ctl start -l /var/postgresql/log -s' postgres
277 echo -n ' postgresql'
285 On <productname>Linux</productname> systems either add
286 <indexterm><primary>Linux</></>
288 /usr/local/pgsql/bin/pg_ctl start -l logfile -D /usr/local/pgsql/data
290 to <filename>/etc/rc.d/rc.local</filename> or look at the file
291 <filename>contrib/start-scripts/linux</filename> in the
292 <productname>PostgreSQL</productname> source distribution.
298 On <productname>NetBSD</productname>, either use the
299 <productname>FreeBSD</productname> or
300 <productname>Linux</productname> start scripts, depending on
301 preference. <indexterm><primary>NetBSD</></>
307 On <productname>Solaris</productname>, create a file called
308 <filename>/etc/init.d/postgresql</filename> which should contain
310 <indexterm><primary>Solaris</></>
312 su - postgres -c "/usr/local/pgsql/bin/pg_ctl start -l logfile -D /usr/local/pgsql/data"
314 Then, create a symbolic link to it in <filename>/etc/rc3.d</> as
315 <literal>S99postgresql</>.
323 While the <application>postmaster</application> is running, its
324 <acronym>PID</acronym> is in the file
325 <filename>postmaster.pid</filename> in the data directory. This is
326 used to prevent multiple postmasters running in the same data
327 directory, and can also be used for shutting down the postmaster.
330 <sect2 id="postmaster-start-failures">
331 <title>Server Start-up Failures</title>
334 There are several common reasons the postmaster might fail to
335 start. Check the postmaster's log file, or start it by hand
336 (without redirecting standard output or standard error) and see
337 what error messages appear. Some of the error messages are
338 self-explanatory, but some are not, as shown below:
343 FATAL: StreamServerPort: bind() failed: Address already in use
344 Is another postmaster already running on that port?
346 This usually means just what it suggests: you tried to start
347 another postmaster on the same port where one is already running.
348 However, if the kernel error message is not <computeroutput>Address
349 already in use</computeroutput> or some variant of that, there may
350 be a different problem. For example, trying to start a postmaster
351 on a reserved port number may draw something like:
353 $ <userinput>postmaster -i -p 666</userinput>
354 FATAL: StreamServerPort: bind() failed: Permission denied
355 Is another postmaster already running on that port?
362 IpcMemoryCreate: shmget(key=5440001, size=83918612, 01600) failed: Invalid argument
363 FATAL 1: ShmemCreate: cannot create region
365 probably means your kernel's limit on the size of shared memory is
366 smaller than the buffer area <productname>PostgreSQL</productname>
367 is trying to create (83918612 bytes in this example). Or it could
368 mean that you don't have System-V-style shared memory support
369 configured into your kernel at all. As a temporary workaround, you
370 can try starting the postmaster with a smaller-than-normal number
371 of buffers (<option>-B</option> switch). You will eventually want
372 to reconfigure your kernel to increase the allowed shared memory
373 size. You may see this message when trying to start multiple
374 postmasters on the same machine if their total space requested
375 exceeds the kernel limit.
381 IpcSemaphoreCreate: semget(key=5440026, num=16, 01600) failed: No space left on device
383 does <emphasis>not</emphasis> mean you've run out of disk space. It
384 means your kernel's limit on the number of System V semaphores is
385 smaller than the number <productname>PostgreSQL</productname> wants
386 to create. As above, you may be able to work around the problem by
387 starting the postmaster with a reduced number of allowed connections
388 (<option>-N</option> switch), but you'll eventually want to
389 increase the kernel limit.
393 If you get an <quote>illegal system call</> error, it is likely that
394 shared memory or semaphores are not supported in your kernel at
395 all. In that case your only option is to reconfigure the kernel to
396 enable these features.
400 Details about configuring <systemitem class="osname">System V</>
401 <acronym>IPC</> facilities are given in <xref linkend="sysvipc">.
405 <sect2 id="client-connection-problems">
406 <title>Client Connection Problems</title>
409 Although the error conditions possible on the client side are quite
410 varied and application-dependent, a few of them might be directly
411 related to how the server was started up. Conditions other than
412 those shown below should be documented with the respective client
418 psql: could not connect to server: Connection refused
419 Is the server running on host server.joe.com and accepting
420 TCP/IP connections on port 5432?
422 This is the generic <quote>I couldn't find a server to talk
423 to</quote> failure. It looks like the above when TCP/IP
424 communication is attempted. A common mistake is to forget the
425 <option>-i</option> option to allow the postmaster to accept TCP/IP
430 Alternatively, you'll get this when attempting Unix-socket
431 communication to a local postmaster:
433 psql: could not connect to server: Connection refused
434 Is the server running locally and accepting
435 connections on Unix domain socket "/tmp/.s.PGSQL.5432"?
440 The last line is useful in verifying that the client is trying to
441 connect to the right place. If there is in fact no postmaster
442 running there, the kernel error message will typically be either
443 <computeroutput>Connection refused</computeroutput> or
444 <computeroutput>No such file or directory</computeroutput>, as
445 illustrated. (It is important to realize that
446 <computeroutput>Connection refused</computeroutput> in this context
447 does <emphasis>not</emphasis> mean that the postmaster got your
448 connection request and rejected it -- that case will produce a
449 different message, as shown in <xref
450 linkend="client-authentication-problems">.) Other error messages
451 such as <computeroutput>Connection timed out</computeroutput> may
452 indicate more fundamental problems, like lack of network
458 <sect1 id="runtime-config">
459 <Title>Run-time Configuration</Title>
462 <primary>configuration</primary>
463 <secondary>server</secondary>
467 There are a lot of configuration parameters that affect the behavior
468 of the database system. Here we describe how to set them and the
469 following subsections will discuss each in detail.
473 All parameter names are case-insensitive. Every parameter takes a
474 value of one of the four types: Boolean, integer, floating point,
475 and string. Boolean values are <literal>ON</literal>,
476 <literal>OFF</literal>, <literal>TRUE</literal>,
477 <literal>FALSE</literal>, <literal>YES</literal>,
478 <literal>NO</literal>, <literal>1</literal>, <literal>0</literal>
479 (case-insensitive) or any non-ambiguous prefix of these.
483 One way to set these options is to edit the file
484 <filename>postgresql.conf</filename> in the data directory. (A
485 default file is installed there.) An example of what this file might
489 log_connections = yes
491 search_path = '$user, public'
493 As you see, options are one per line. The equal sign between name
494 and value is optional. Whitespace is insignificant and blank lines
495 are ignored. Hash marks (<quote>#</quote>) introduce comments
496 anywhere. Parameter values that are not simple identifiers or
497 numbers should be single-quoted.
502 <primary>SIGHUP</primary>
504 The configuration file is reread whenever the postmaster receives a
505 <systemitem>SIGHUP</> signal (which is most easily sent by means of
506 <literal>pg_ctl reload</>). The postmaster also propagates this
507 signal to all currently running backend processes so that existing
508 sessions also get the new value. Alternatively, you can send the
509 signal to a single backend process directly.
513 A second way to set these configuration parameters is to give them
514 as a command line option to the postmaster, such as:
516 postmaster -c log_connections=yes -c syslog=2
518 which would have the same effect as the previous example.
519 Command-line options override any conflicting settings in
520 <filename>postgresql.conf</filename>.
524 Occasionally it is also useful to give a command line option to
525 one particular backend session only. The environment variable
526 <envar>PGOPTIONS</envar> can be used for this purpose on the
529 env PGOPTIONS='-c geqo=off' psql
531 (This works for any <application>libpq</>-based client application, not just
532 <application>psql</application>.) Note that this won't work for
533 options that are fixed when the server is started, such as the port
538 Some options can be changed in individual SQL sessions with the
539 <command>SET</command> command, for example:
541 => <userinput>SET ENABLE_SEQSCAN TO OFF;</userinput>
543 See the SQL command language reference for details on the syntax.
547 Furthermore, it is possible to assign a set of option settings to
548 a user or a database. Whenever a session is started, the default
549 settings for the user and database involved are loaded. The
550 commands <literal>ALTER DATABASE</literal> and <literal>ALTER
551 USER</literal>, respectively, are used to configure these settings.
552 Such per-database settings override anything received from the postmaster
553 or the configuration file, and in turn are overridden by per-user
557 <sect2 id="catalog-pg-settings">
558 <title>pg_settings</title>
561 The <structname>pg_settings</structname> virtual table allows display and update
562 of current session run-time parameters. There is one entry for each of the
563 available parameters provided by <command>SHOW ALL</command>. But it is
564 in a form that allows it to be joined with other relations and have a
565 selection criteria applied.
569 An <command>UPDATE</command> performed on <structname>pg_settings</structname>
570 is equivalent to executing the <command>SET</command> command on that named
571 parameter. The change only affects the value used by the current session. If
572 an <command>UPDATE</command> is issued within a transaction that is later
573 aborted, the effects of the <command>UPDATE</command> command disappear when
574 the transaction is rolled back. Once the surrounding transaction is
575 committed, the effects will persist until the end of the session, unless
576 overridden by another <command>UPDATE</command> or <command>SET</command>.
580 <title>pg_settings Columns</title>
587 <entry>Description</entry>
593 <entry><literal>name</literal></entry>
594 <entry><type>text</type></entry>
595 <entry>The name of a current session run-time parameter</entry>
599 <entry><literal>setting</literal></entry>
600 <entry><type>text</type></entry>
601 <entry>The value of a current session run-time parameter</entry>
609 <sect2 id="runtime-config-optimizer">
610 <title>Planner and Optimizer Tuning</title>
615 <term><varname>CPU_INDEX_TUPLE_COST</varname> (<type>floating point</type>)</term>
618 Sets the query optimizer's estimate of the cost of processing
619 each index tuple during an index scan. This is measured as a
620 fraction of the cost of a sequential page fetch.
626 <term><varname>CPU_OPERATOR_COST</varname> (<type>floating point</type>)</term>
629 Sets the optimizer's estimate of the cost of processing each
630 operator in a <literal>WHERE</> clause. This is measured as a fraction of
631 the cost of a sequential page fetch.
637 <term><varname>CPU_TUPLE_COST</varname> (<type>floating point</type>)</term>
640 Sets the query optimizer's estimate of the cost of processing
641 each tuple during a query. This is measured as a fraction of
642 the cost of a sequential page fetch.
648 <term><varname>DEFAULT_STATISTICS_TARGET</varname> (<type>integer</type>)</term>
651 Sets the default statistics target for table columns that have not
652 had a column-specific target set via <command>ALTER TABLE SET
653 STATISTICS</>. Larger values increase the time needed to do
654 <command>ANALYZE</>, but may improve the quality of the planner's
661 <term><varname>EFFECTIVE_CACHE_SIZE</varname> (<type>floating point</type>)</term>
664 Sets the optimizer's assumption about the effective size of the
665 disk cache (that is, the portion of the kernel's disk cache that
666 will be used for <productname>PostgreSQL</productname> data
667 files). This is measured in disk pages, which are normally 8 kB
674 <term><varname>ENABLE_HASHAGG</varname> (<type>boolean</type>)</term>
677 Enables or disables the query planner's use of hashed aggregation
678 plan types. The default is on. This is used for debugging the query
685 <term><varname>ENABLE_HASHJOIN</varname> (<type>boolean</type>)</term>
688 Enables or disables the query planner's use of hash-join plan
689 types. The default is on. This is used for debugging the
697 <primary>index scan</primary>
700 <term><varname>ENABLE_INDEXSCAN</varname> (<type>boolean</type>)</term>
703 Enables or disables the query planner's use of index-scan plan
704 types. The default is on. This is used to debugging the
711 <term><varname>ENABLE_MERGEJOIN</varname> (<type>boolean</type>)</term>
714 Enables or disables the query planner's use of merge-join plan
715 types. The default is on. This is used for debugging the
722 <term><varname>ENABLE_NESTLOOP</varname> (<type>boolean</type>)</term>
725 Enables or disables the query planner's use of nested-loop join
726 plans. It's not possible to suppress nested-loop joins entirely,
727 but turning this variable off discourages the planner from using
728 one if there are other methods available. The default is
729 on. This is used for debugging the query planner.
736 <primary>sequential scan</primary>
739 <term><varname>ENABLE_SEQSCAN</varname> (<type>boolean</type>)</term>
742 Enables or disables the query planner's use of sequential scan
743 plan types. It's not possible to suppress sequential scans
744 entirely, but turning this variable off discourages the planner
745 from using one if there are other methods available. The
746 default is on. This is used for debugging the query planner.
752 <term><varname>ENABLE_SORT</varname> (<type>boolean</type>)</term>
755 Enables or disables the query planner's use of explicit sort
756 steps. It's not possible to suppress explicit sorts entirely,
757 but turning this variable off discourages the planner from
758 using one if there are other methods available. The default
759 is on. This is used for debugging the query planner.
765 <term><varname>ENABLE_TIDSCAN</varname> (<type>boolean</type>)</term>
768 Enables or disables the query planner's use of <acronym>TID</> scan plan
769 types. The default is on. This is used for debugging the
777 <primary>genetic query optimization</primary>
780 <primary>GEQO</primary>
781 <see>genetic query optimization</see>
784 <term><varname>GEQO</varname> (<type>boolean</type>)</term>
787 Enables or disables genetic query optimization, which is an
788 algorithm that attempts to do query planning without exhaustive
789 searching. This is on by default. See also the various other
790 <varname>GEQO_</varname> settings.
796 <term><varname>GEQO_EFFORT</varname> (<type>integer</type>)</term>
797 <term><varname>GEQO_GENERATIONS</varname> (<type>integer</type>)</term>
798 <term><varname>GEQO_POOL_SIZE</varname> (<type>integer</type>)</term>
799 <term><varname>GEQO_RANDOM_SEED</varname> (<type>integer</type>)</term>
800 <term><varname>GEQO_SELECTION_BIAS</varname> (<type>floating point</type>)</term>
803 Various tuning parameters for the genetic query optimization
804 algorithm: The pool size is the number of individuals in one
805 population. Valid values are between 128 and 1024. If it is set
806 to 0 (the default) a pool size of 2^(QS+1), where QS is the
807 number of FROM items in the query, is taken. The effort is used
808 to calculate a default for generations. Valid values are between
809 1 and 80, 40 being the default. Generations specifies the number
810 of iterations in the algorithm. The number must be a positive
811 integer. If 0 is specified then <literal>Effort *
812 Log2(PoolSize)</literal> is used. The run time of the algorithm
813 is roughly proportional to the sum of pool size and generations.
814 The selection bias is the selective pressure within the
815 population. Values can be from 1.50 to 2.00; the latter is the
816 default. The random seed can be set to get reproducible results
817 from the algorithm. If it is set to -1 then the algorithm
818 behaves non-deterministically.
824 <term><varname>GEQO_THRESHOLD</varname> (<type>integer</type>)</term>
827 Use genetic query optimization to plan queries with at least
828 this many <literal>FROM</> items involved. (Note that a
829 <literal>JOIN</> construct counts as only one <literal>FROM</>
830 item.) The default is 11. For simpler queries it is usually best
831 to use the deterministic, exhaustive planner. This parameter
832 also controls how hard the optimizer will try to merge subquery
833 <literal>FROM</literal> clauses into the upper query.
839 <term><varname>RANDOM_PAGE_COST</varname> (<type>floating point</type>)</term>
842 Sets the query optimizer's estimate of the cost of a
843 nonsequentially fetched disk page. This is measured as a
844 multiple of the cost of a sequential page fetch.
853 Unfortunately, there is no well-defined method for determining
854 ideal values for the family of <quote>COST</quote> variables that
855 were just described. You are encouraged to experiment and share
863 <title>Logging and Debugging</title>
868 <term><varname>CLIENT_MIN_MESSAGES</varname> (<type>string</type>)</term>
871 This controls how much message detail is written to the
872 client. Valid values are <literal>DEBUG5</>,
873 <literal>DEBUG4</>, <literal>DEBUG3</>, <literal>DEBUG2</>,
874 <literal>DEBUG1</>, <literal>LOG</>, <literal>NOTICE</>,
875 <literal>WARNING</>, and <literal>ERROR</>. Later values send
876 less information to the client. The default is
877 <literal>NOTICE</>. Note that <literal>LOG</> has a different
878 precedence here than in <literal>LOG_MIN_MESSAGES</>.
882 Here is a summary of the various message types:
885 <term><literal>DEBUG[1-5]</literal></term>
888 Provides information for use by developers.
894 <term><literal>INFO</literal></term>
897 Provides information implicitly requested by the user,
898 e.g., during <command>VACUUM VERBOSE</>.
904 <term><literal>NOTICE</literal></term>
907 Provides information that may be helpful to users, e.g.,
908 truncation of long identifiers and index creation as part
915 <term><literal>WARNING</literal></term>
918 Provides warnings to the user, e.g., <command>COMMIT</>
919 outside a transaction.
925 <term><literal>ERROR</literal></term>
928 Reports the error that caused a transaction to abort.
934 <term><literal>LOG</literal></term>
937 Reports information of interest to administrators, e.g.,
944 <term><literal>FATAL</literal></term>
947 Reports why a backend session terminated.
953 <term><literal>PANIC</literal></term>
956 Reports why all backend sessions restarted.
966 <term><varname>DEBUG_ASSERTIONS</varname> (<type>boolean</type>)</term>
969 Turns on various assertion checks. This is a debugging aid. If
970 you are experiencing strange problems or crashes you might want
971 to turn this on, as it might expose programming mistakes. To use
972 this option, the macro <literal>USE_ASSERT_CHECKING</literal>
973 must be defined when <productname>PostgreSQL</productname> is
974 built (accomplished by the <command>configure</command> option
975 <option>--enable-cassert</option>). Note that
976 <literal>DEBUG_ASSERTIONS</literal> defaults to on if
977 <productname>PostgreSQL</productname> has been built with
984 <term><varname>DEBUG_PRINT_PARSE</varname> (<type>boolean</type>)</term>
985 <term><varname>DEBUG_PRINT_REWRITTEN</varname> (<type>boolean</type>)</term>
986 <term><varname>DEBUG_PRINT_PLAN</varname> (<type>boolean</type>)</term>
987 <term><varname>DEBUG_PRETTY_PRINT</varname> (<type>boolean</type>)</term>
990 These flags enable various debugging output to be sent to the
991 server log. For each executed query, print either the query text,
992 the resulting parse tree, the query rewriter output, or the execution
993 plan. <option>DEBUG_PRETTY_PRINT</option> indents these displays
994 to produce a more readable but much longer output format.
999 <term><varname>EXPLAIN_PRETTY_PRINT</varname> (<type>boolean</type>)</term>
1002 Determines whether <command>EXPLAIN VERBOSE</> uses the indented
1003 or non-indented format for displaying detailed query-tree dumps.
1009 <term><varname>LOG_HOSTNAME</varname> (<type>boolean</type>)</term>
1012 By default, connection logs only show the IP address of the
1013 connecting host. If you want it to show the host name you can
1014 turn this on, but depending on your host name resolution setup
1015 it might impose a non-negligible performance penalty. This
1016 option can only be set at server start.
1022 <term><varname>LOG_CONNECTIONS</varname> (<type>boolean</type>)</term>
1025 This outputs a line to the server logs detailing each successful
1026 connection. This is off by default, although it is probably very
1027 useful. This option can only be set at server start or in the
1028 <filename>postgresql.conf</filename> configuration file.
1034 <term><varname>LOG_DURATION</varname> (<type>boolean</type>)</term>
1037 Causes the duration of every completed statement to be logged.
1038 To use this option, enable <varname>LOG_STATEMENT</> and
1039 <varname>LOG_PID</> so you can link the statement to the
1040 duration using the process ID.
1046 <term><varname>LOG_MIN_ERROR_STATEMENT</varname> (<type>string</type>)</term>
1049 This controls for which message levels the SQL statement
1050 causing that message is to be recorded in the server log. All
1051 statements causing a message of the level of the setting or
1052 higher are logged. The default is <literal>PANIC</literal>
1053 (effectively turning this feature off). Valid values are
1054 <literal>DEBUG5</literal>, <literal>DEBUG4</literal>,
1055 <literal>DEBUG3</literal>, <literal>DEBUG2</literal>,
1056 <literal>DEBUG1</literal>, <literal>INFO</literal>,
1057 <literal>NOTICE</literal>, <literal>WARNING</literal>,
1058 <literal>ERROR</literal>, <literal>FATAL</literal>, and
1059 <literal>PANIC</literal>. For example, if you set this to
1060 <literal>ERROR</literal> then all SQL statements causing
1061 errors, fatal errors, or panics will be logged.
1065 It is recommended you enable <varname>LOG_PID</varname> as well
1066 so you can more easily match the error statement with the error
1073 <term><varname>LOG_MIN_MESSAGES</varname> (<type>string</type>)</term>
1076 This controls how much message detail is written to the server
1077 logs. Valid values are <literal>DEBUG5</>,
1078 <literal>DEBUG4</>, <literal>DEBUG3</>, <literal>DEBUG2</>,
1079 <literal>DEBUG1</>, <literal>INFO</>, <literal>NOTICE</>,
1080 <literal>WARNING</>, <literal>ERROR</>, <literal>LOG</>,
1081 <literal>FATAL</>, and <literal>PANIC</>. Later values send
1082 less detail to the logs. The default is <literal>NOTICE</>.
1083 Note that <literal>LOG</> has a different precedence here than
1084 in <literal>CLIENT_MIN_MESSAGES</>. Also see that section
1085 for an explanation of the various values.
1092 <term><varname>LOG_PID</varname> (<type>boolean</type>)</term>
1095 Prefixes each server message in the log file with the process ID of
1096 the backend process. This is useful to sort out which messages
1097 pertain to which connection. The default is off. This parameter
1098 does not affect messages logged via <application>syslog</>, which always contain
1105 <term><varname>LOG_STATEMENT</varname> (<type>boolean</type>)</term>
1108 Causes each SQL statement to be logged.
1114 <term><varname>LOG_TIMESTAMP</varname> (<type>boolean</type>)</term>
1117 Prefixes each server log message with a time stamp. The default
1124 <term><varname>LOG_STATEMENT_STATS</varname> (<type>boolean</type>)</term>
1125 <term><varname>LOG_PARSER_STATS</varname> (<type>boolean</type>)</term>
1126 <term><varname>LOG_PLANNER_STATS</varname> (<type>boolean</type>)</term>
1127 <term><varname>LOG_EXECUTOR_STATS</varname> (<type>boolean</type>)</term>
1130 For each query, write performance statistics of the respective
1131 module to the server log. This is a crude profiling
1138 <term><varname>LOG_SOURCE_PORT</varname> (<type>boolean</type>)</term>
1141 Shows the outgoing port number of the connecting host in the
1142 connection log messages. You could trace back the port number
1143 to find out what user initiated the connection. Other than
1144 that, it's pretty useless and therefore off by default. This
1145 option can only be set at server start.
1151 <term><varname>STATS_COMMAND_STRING</varname> (<type>boolean</type>)</term>
1152 <term><varname>STATS_BLOCK_LEVEL</varname> (<type>boolean</type>)</term>
1153 <term><varname>STATS_ROW_LEVEL</varname> (<type>boolean</type>)</term>
1156 These flags determine what information backends send to the statistics
1157 collector process: current commands, block-level activity statistics,
1158 or row-level activity statistics. All default to off. Enabling
1159 statistics collection costs a small amount of time per query, but
1160 is invaluable for debugging and performance tuning.
1166 <term><varname>STATS_RESET_ON_SERVER_START</varname> (<type>boolean</type>)</term>
1169 If on, collected statistics are zeroed out whenever the server
1170 is restarted. If off, statistics are accumulated across server
1171 restarts. The default is on. This option can only be set at
1178 <term><varname>STATS_START_COLLECTOR</varname> (<type>boolean</type>)</term>
1181 Controls whether the server should start the statistics-collection
1182 subprocess. This is on by default, but may be turned off if you
1183 know you have no interest in collecting statistics. This option
1184 can only be set at server start.
1190 <term><varname>SYSLOG</varname> (<type>integer</type>)</term>
1193 <productname>PostgreSQL</productname> allows the use of
1194 <systemitem>syslog</systemitem> for logging. If this option is
1195 set to 1, messages go both to <systemitem>syslog</> and the
1196 standard output. A setting of 2 sends output only to
1197 <systemitem>syslog</>. (Some messages will still go to the
1198 standard output/error.) The default is 0, which means
1199 <systemitem>syslog</> is off. This option must be set at server
1206 <term><varname>SYSLOG_FACILITY</varname> (<type>string</type>)</term>
1209 This option determines the <application>syslog</application>
1210 <quote>facility</quote> to be used when
1211 <application>syslog</application> is enabled. You may choose
1212 from <literal>LOCAL0</>, <literal>LOCAL1</>,
1213 <literal>LOCAL2</>, <literal>LOCAL3</>, <literal>LOCAL4</>,
1214 <literal>LOCAL5</>, <literal>LOCAL6</>, <literal>LOCAL7</>;
1215 the default is <literal>LOCAL0</>. See also the
1216 documentation of your system's
1217 <application>syslog</application>.
1223 <term><varname>SYSLOG_IDENT</varname> (<type>string</type>)</term>
1226 If logging to <application>syslog</> is enabled, this option
1227 determines the program name used to identify
1228 <productname>PostgreSQL</productname> messages in
1229 <application>syslog</application> log messages. The default is
1230 <literal>postgres</literal>.
1236 <term><varname>TRACE_NOTIFY</varname> (<type>boolean</type>)</term>
1239 Generates a great amount of debugging output for the
1240 <command>LISTEN</command> and <command>NOTIFY</command>
1249 <sect2 id="runtime-config-general">
1250 <title>General Operation</title>
1255 <term><varname>AUTOCOMMIT</varname> (<type>boolean</type>)</term>
1256 <indexterm><primary>autocommit</></>
1259 If set to true, <productname>PostgreSQL</productname> will
1260 automatically do a <command>COMMIT</> after each successful command
1261 that is not inside an explicit transaction block (that is, unless a
1262 <command>BEGIN</> with no matching <command>COMMIT</> has been
1264 If set to false, <productname>PostgreSQL</productname> will
1265 commit only upon receiving an explicit
1266 <command>COMMIT</> command. This mode can also be thought of as
1267 implicitly issuing <command>BEGIN</> whenever a command is
1268 received that is not already inside a transaction block. The
1269 default is true, for compatibility with historical
1270 <productname>PostgreSQL</productname> behavior. However, for
1271 maximum compatibility with the SQL specification, set it to
1277 Even with <varname>autocommit</> set to false, <command>SET</>,
1278 <command>SHOW</>, and <command>RESET</> do not start new
1279 transaction blocks. They are run in their own transactions.
1280 Once another command is issued, a transaction block
1281 begins and any <command>SET</>, <command>SHOW</>, or
1282 <command>RESET</> commands are considered to be part of the
1283 transaction, i.e., they are committed or rolled back depending
1284 on the completion status of the transaction. To execute a
1285 <command>SET</>, <command>SHOW</>, or <command>RESET</>
1286 command at the start of a transaction block, use <command>BEGIN</>
1293 As of <productname>PostgreSQL</productname> 7.3, setting
1294 <varname>autocommit</> to false is not well-supported.
1295 This is a new feature and is not yet handled by all client
1296 libraries and applications. Before making it the default
1297 setting in your installation, test carefully.
1305 <term><varname>AUSTRALIAN_TIMEZONES</varname> (<type>boolean</type>)</term>
1306 <indexterm><primary>Australian time zones</></>
1309 If set to true, <literal>CST</literal>, <literal>EST</literal>,
1310 and <literal>SAT</literal> are interpreted as Australian
1311 time zones rather than as North American Central/Eastern
1312 time zones and Saturday. The default is false.
1318 <term><varname>AUTHENTICATION_TIMEOUT</varname> (<type>integer</type>)</term>
1319 <indexterm><primary>timeout</><secondary>authentication</></indexterm>
1322 Maximum time to complete client authentication, in seconds. If a
1323 would-be client has not completed the authentication protocol in
1324 this much time, the server breaks the connection. This prevents
1325 hung clients from occupying a connection indefinitely. This
1326 option can only be set at server start or in the
1327 <filename>postgresql.conf</filename> file.
1333 <term><varname>CLIENT_ENCODING</varname> (<type>string</type>)</term>
1334 <indexterm><primary>character set encoding</></>
1337 Sets the client-side encoding for multibyte character sets.
1338 The default is to use the database encoding.
1344 <term><varname>DATESTYLE</varname> (<type>string</type>)</term>
1345 <indexterm><primary>date style</></>
1348 Sets the display format for dates, as well as the rules for
1349 interpreting ambiguous input dates.
1350 The default is <literal>ISO, US</>.
1356 <term><varname>DB_USER_NAMESPACE</varname> (<type>boolean</type>)</term>
1359 This allows per-database user names. It is off by default.
1363 If this is on, create users as <literal> username@dbname</>.
1364 When <literal>username</> is passed by a connecting client,
1365 <literal>@</> and the database name is appended to the user
1366 name and that database-specific user name is looked up by the
1367 server. Note that when you create users with names containing
1368 <literal>@</> within the SQL environment, you will need to
1369 quote the user name.
1373 With this option enabled, you can still create ordinary global
1374 users. Simply append <literal>@</> when specifying the user
1375 name in the client. The <literal>@</> will be stripped off
1376 before the user name is looked up by the server.
1381 This feature is intended as a temporary measure until a
1382 complete solution is found. At that time, this option will
1391 <primary>deadlock</primary>
1392 <secondary>timeout</secondary>
1395 <primary>timeout</primary>
1396 <secondary>deadlock</secondary>
1399 <term><varname>DEADLOCK_TIMEOUT</varname> (<type>integer</type>)</term>
1402 This is the amount of time, in milliseconds, to wait on a lock
1403 before checking to see if there is a deadlock condition. The
1404 check for deadlock is relatively slow, so the server doesn't run
1405 it every time it waits for a lock. We (optimistically?) assume
1406 that deadlocks are not common in production applications and
1407 just wait on the lock for a while before starting check for a
1408 deadlock. Increasing this value reduces the amount of time
1409 wasted in needless deadlock checks, but slows down reporting of
1410 real deadlock errors. The default is 1000 (i.e., one second),
1411 which is probably about the smallest value you would want in
1412 practice. On a heavily loaded server you might want to raise it.
1413 Ideally the setting should exceed your typical transaction time,
1414 so as to improve the odds that the lock will be released before
1415 the waiter decides to check for deadlock. This option can only
1416 be set at server start.
1423 <primary>transaction isolation level</primary>
1426 <term><varname>DEFAULT_TRANSACTION_ISOLATION</varname> (<type>string</type>)</term>
1429 Each SQL transaction has an isolation level, which can be either
1430 <quote>read committed</quote> or <quote>serializable</quote>.
1431 This parameter controls the default isolation level of each new
1432 transaction. The default is <quote>read committed</quote>.
1436 Consult the &cite-user; and
1437 the command <command>SET TRANSACTION</command> for more
1444 <term><varname>DYNAMIC_LIBRARY_PATH</varname> (<type>string</type>)</term>
1445 <indexterm><primary>dynamic_library_path</></>
1446 <indexterm><primary>dynamic loading</></>
1449 If a dynamically loadable module needs to be opened and the
1450 specified name does not have a directory component (i.e. the
1451 name does not contain a slash), the system will search this
1452 path for the specified file. (The name that is used is the
1453 name specified in the <command>CREATE FUNCTION</command> or
1454 <command>LOAD</command> command.)
1458 The value for dynamic_library_path has to be a colon-separated
1459 list of absolute directory names. If a directory name starts
1460 with the special value <literal>$libdir</literal>, the
1461 compiled-in <productname>PostgreSQL</productname> package
1462 library directory is substituted. This where the modules
1463 provided by the <productname>PostgreSQL</productname>
1464 distribution are installed. (Use <literal>pg_config
1465 --pkglibdir</literal> to print the name of this directory.) For
1468 dynamic_library_path = '/usr/local/lib/postgresql:/home/my_project/lib:$libdir'
1473 The default value for this parameter is
1474 <literal>'$libdir'</literal>. If the value is set to an empty
1475 string, the automatic path search is turned off.
1479 This parameter can be changed at run time by superusers, but a
1480 setting done that way will only persist until the end of the
1481 client connection, so this method should be reserved for
1482 development purposes. The recommended way to set this parameter
1483 is in the <filename>postgresql.conf</filename> configuration
1491 <primary>significant digits</primary>
1494 <primary>display</primary>
1495 <secondary>of float numbers</secondary>
1498 <term><varname>EXTRA_FLOAT_DIGITS</varname> (<type>integer</type>)</term>
1501 This parameter adjusts the number of digits displayed for
1502 floating-point values, including <type>float4</>, <type>float8</>,
1503 and geometric datatypes. The parameter value is added to the
1504 standard number of digits (<literal>FLT_DIG</> or <literal>DBL_DIG</>
1505 as appropriate). The value can be set as high as 2, to include
1506 partially-significant digits; this is especially useful for dumping
1507 float data that needs to be restored exactly. Or it can be set
1508 negative to suppress unwanted digits.
1514 <term><varname>KRB_SERVER_KEYFILE</varname> (<type>string</type>)</term>
1517 Sets the location of the Kerberos server key file. See
1518 <xref linkend="kerberos-auth"> for details.
1525 <primary>fsync</primary>
1528 <term><varname>FSYNC</varname> (<type>boolean</type>)</term>
1531 If this option is on, the <productname>PostgreSQL</> backend
1532 will use the <function>fsync()</> system call in several places
1533 to make sure that updates are physically written to disk. This
1534 insures that a database installation will recover to a
1535 consistent state after an operating system or hardware crash.
1536 (Crashes of the database server itself are <emphasis>not</>
1541 However, this operation does slow down
1542 <productname>PostgreSQL</> because at transaction commit it has
1543 wait for the operating system to flush the write-ahead log.
1544 Without <function>fsync</>, the operating system is allowed to
1545 do its best in buffering, sorting, and delaying writes, which
1546 can considerably increase performance. However, if the system
1547 crashes, the results of the last few committed transactions may
1548 be lost in part or whole. In the worst case, unrecoverable data
1549 corruption may occur.
1553 For the above reasons, some administrators always leave it off,
1554 some turn it off only for bulk loads, where there is a clear
1555 restart point if something goes wrong, and some leave it on just
1556 to be on the safe side. Because it is always safe, the default
1557 is on. If you trust your operating system, your hardware, and
1558 your utility company (or better your UPS), you might want to
1559 disable <varname>fsync</varname>.
1563 It should be noted that the performance penalty of doing
1564 <function>fsync</>s is considerably less in
1565 <productname>PostgreSQL</> version 7.1 and later. If you
1566 previously suppressed <function>fsync</>s for performance
1567 reasons, you may wish to reconsider your choice.
1571 This option can only be set at server start or in the
1572 <filename>postgresql.conf</filename> file.
1578 <term><varname>LC_MESSAGES</varname> (<type>string</type>)</term>
1581 Sets the language in which messages are displayed. Acceptable
1582 values are system-dependent; see <xref linkend="locale"> for
1583 more information. If this variable is set to the empty string
1584 (which is the default) then the value is inherited from the
1585 execution environment of the server in a system-dependent way.
1589 On some systems, this locale category does not exist. Setting
1590 this variable will still work, but there will be no effect.
1591 Also, there is a chance that no translated messages for the
1592 desired language exist. In that case you will continue to see
1593 the English messages.
1599 <term><varname>LC_MONETARY</varname> (<type>string</type>)</term>
1602 Sets the locale to use for formatting monetary amounts, for
1603 example with the <function>to_char()</function> family of
1604 functions. Acceptable values are system-dependent; see <xref
1605 linkend="locale"> for more information. If this variable is
1606 set to the empty string (which is the default) then the value
1607 is inherited from the execution environment of the server in a
1608 system-dependent way.
1614 <term><varname>LC_NUMERIC</varname> (<type>string</type>)</term>
1617 Sets the locale to use for formatting numbers, for example
1618 with the <function>to_char()</function> family of
1619 functions. Acceptable values are system-dependent; see <xref
1620 linkend="locale"> for more information. If this variable is
1621 set to the empty string (which is the default) then the value
1622 is inherited from the execution environment of the server in a
1623 system-dependent way.
1629 <term><varname>LC_TIME</varname> (<type>string</type>)</term>
1632 Sets the locale to use for formatting date and time values.
1633 (Currently, this setting does nothing, but it may in the
1634 future.) Acceptable values are system-dependent; see <xref
1635 linkend="locale"> for more information. If this variable is
1636 set to the empty string (which is the default) then the value
1637 is inherited from the execution environment of the server in a
1638 system-dependent way.
1644 <term><varname>MAX_CONNECTIONS</varname> (<type>integer</type>)</term>
1647 Determines the maximum number of concurrent connections to the
1648 database server. The default is 32 (unless altered while
1649 building the server). This parameter can only be set at server
1656 <term><varname>MAX_EXPR_DEPTH</varname> (<type>integer</type>)</term>
1659 Sets the maximum expression nesting depth of the parser. The
1660 default value is high enough for any normal query, but you can
1661 raise it if needed. (But if you raise it too high, you run
1662 the risk of backend crashes due to stack overflow.)
1668 <term><varname>MAX_FILES_PER_PROCESS</varname> (<type>integer</type>)</term>
1671 Sets the maximum number of simultaneously open files in each
1672 server subprocess. The default is 1000. The limit actually used
1673 by the code is the smaller of this setting and the result of
1674 <literal>sysconf(_SC_OPEN_MAX)</literal>. Therefore, on systems
1675 where <function>sysconf</> returns a reasonable limit, you don't
1676 need to worry about this setting. But on some platforms
1677 (notably, most BSD systems), <function>sysconf</> returns a
1678 value that is much larger than the system can really support
1679 when a large number of processes all try to open that many
1680 files. If you find yourself seeing <quote>Too many open files</>
1681 failures, try reducing this setting. This option can only be set
1682 at server start or in the <filename>postgresql.conf</filename>
1683 configuration file; if changed in the configuration file, it
1684 only affects subsequently-started server subprocesses.
1690 <term><varname>MAX_FSM_RELATIONS</varname> (<type>integer</type>)</term>
1693 Sets the maximum number of relations (tables) for which free
1694 space will be tracked in the shared free-space map. The default
1695 is 100. This option can only be set at server start.
1701 <term><varname>MAX_FSM_PAGES</varname> (<type>integer</type>)</term>
1704 Sets the maximum number of disk pages for which free space will
1705 be tracked in the shared free-space map. The default is 10000.
1706 This option can only be set at server start.
1712 <term><varname>MAX_LOCKS_PER_TRANSACTION</varname> (<type>integer</type>)</term>
1715 The shared lock table is sized on the assumption that at most
1716 <varname>max_locks_per_transaction</> *
1717 <varname>max_connections</varname> distinct objects will need to
1718 be locked at any one time. The default, 64, which has historically
1719 proven sufficient, but you might need to raise this value if you
1720 have clients that touch many different tables in a single
1721 transaction. This option can only be set at server start.
1727 <term><varname>PASSWORD_ENCRYPTION</varname> (<type>boolean</type>)</term>
1730 When a password is specified in <command>CREATE USER</> or
1731 <command>ALTER USER</> without writing either <literal>ENCRYPTED</> or
1732 <literal>UNENCRYPTED</>, this flag determines whether the password is to be
1733 encrypted. The default is on (encrypt the password).
1739 <term><varname>PORT</varname> (<type>integer</type>)</term>
1740 <indexterm><primary>port</></>
1743 The TCP port the server listens on; 5432 by default. This
1744 option can only be set at server start.
1750 <term><varname>SEARCH_PATH</varname> (<type>string</type>)</term>
1751 <indexterm><primary>search_path</></>
1752 <indexterm><primary>namespaces</></>
1755 This variable specifies the order in which schemas are searched
1756 when an object (table, data type, function, etc.) is referenced by a
1757 simple name with no schema component. When there are objects of
1758 identical names in different schemas, the one found first
1759 in the search path is used. An object that is not in any of the
1760 schemas in the search path can only be referenced by specifying
1761 its containing schema with a qualified (dotted) name.
1765 The value for <varname>search_path</varname> has to be a comma-separated
1766 list of schema names. If one of the list items is
1767 the special value <literal>$user</literal>, then the schema
1768 having the same name as the <function>SESSION_USER</> is substituted, if there
1769 is such a schema. (If not, <literal>$user</literal> is ignored.)
1773 The system catalog schema, <literal>pg_catalog</>, is always
1774 searched, whether it is mentioned in the path or not. If it is
1775 mentioned in the path then it will be searched in the specified
1776 order. If <literal>pg_catalog</> is not in the path then it will
1777 be searched <emphasis>before</> searching any of the path items.
1778 It should also be noted that the temporary-table schema,
1779 <literal>pg_temp_<replaceable>nnn</></>, is implicitly searched before any of
1784 When objects are created without specifying a particular target
1785 schema, they will be placed in the first schema listed
1786 in the search path. An error is reported if the search path is
1791 The default value for this parameter is
1792 <literal>'$user, public'</literal> (where the second part will be
1793 ignored if there is no schema named <literal>public</>).
1794 This supports shared use of a database (where no users
1795 have private schemas, and all share use of <literal>public</>),
1796 private per-user schemas, and combinations of these. Other
1797 effects can be obtained by altering the default search path
1798 setting, either globally or per-user.
1803 <primary>schemas</primary>
1804 <secondary>current schema</secondary>
1806 The current effective value of the search path can be examined
1807 via the SQL function <function>current_schemas()</>. This is not
1808 quite the same as examining the value of
1809 <varname>search_path</varname>, since <function>current_schemas()</>
1810 shows how the requests appearing in <varname>search_path</varname>
1815 For more information on schema handling, see the &cite-user;.
1821 <term><varname>STATEMENT_TIMEOUT</varname> (<type>integer</type>)</term>
1824 Aborts any statement that takes over the specified number of
1825 milliseconds. A value of zero turns off the timer.
1831 <term><varname>SHARED_BUFFERS</varname> (<type>integer</type>)</term>
1834 Sets the number of shared memory buffers used by the database
1835 server. The default is 64. Each buffer is typically 8192 bytes.
1836 This option can only be set at server start.
1842 <term><varname>SILENT_MODE</varname> (<type>bool</type>)</term>
1845 Runs the server silently. If this option is set, the server
1846 will automatically run in background and any controlling ttys
1847 are disassociated, thus no messages are written to standard
1848 output or standard error (same effect as <command>postmaster</>'s <option>-S</option>
1849 option). Unless some logging system such as
1850 <application>syslog</> is enabled, using this option is
1851 discouraged since it makes it impossible to see error messages.
1857 <term><varname>SORT_MEM</varname> (<type>integer</type>)</term>
1860 Specifies the amount of memory to be used by internal sorts and
1861 hashes before switching to temporary disk files. The value is
1862 specified in kilobytes, and defaults to 1024 kilobytes (1 MB).
1863 Note that for a complex query, several sorts might be running in
1864 parallel, and each one will be allowed to use as much memory as
1865 this value specifies before it starts to put data into temporary
1866 files. Also, each running backend could be doing one or more
1867 sorts simultaneously, so the total memory used could be many
1868 times the value of <varname>SORT_MEM</varname>. Sorts are used
1869 by <literal>ORDER BY</>, merge joins, and <command>CREATE INDEX</>.
1875 <term><varname>SQL_INHERITANCE</varname> (<type>bool</type>)</term>
1876 <indexterm><primary>inheritance</></>
1879 This controls the inheritance semantics, in particular whether
1880 subtables are included by various commands by default. They were
1881 not included in versions prior to 7.1. If you need the old
1882 behavior you can set this variable to off, but in the long run
1883 you are encouraged to change your applications to use the
1884 <literal>ONLY</literal> keyword to exclude subtables. See the
1885 SQL language reference and the &cite-user; for more information about inheritance.
1892 <primary>SSL</primary>
1895 <term><varname>SSL</varname> (<type>boolean</type>)</term>
1898 Enables <acronym>SSL</> connections. Please read
1899 <xref linkend="ssl-tcp"> before using this. The default
1906 <term><varname>SUPERUSER_RESERVED_CONNECTIONS</varname>
1907 (<type>integer</type>)</term>
1910 Determines the number of <quote>connection slots</quote> that
1911 are reserved for connections by <productname>PostgreSQL</>
1912 superusers. At most <varname>max_connections</> connections can
1913 ever be active simultaneously. Whenever the number of active
1914 concurrent connections is at least <varname>max_connections</> minus
1915 <varname>superuser_reserved_connections</varname>, new connections
1916 will be accepted only from superuser accounts.
1920 The default value is 2. The value must be less than the value of
1921 <varname>max_connections</varname>. This parameter can only be
1922 set at server start.
1928 <term><varname>TCPIP_SOCKET</varname> (<type>boolean</type>)</term>
1931 If this is true, then the server will accept TCP/IP connections.
1932 Otherwise only local Unix domain socket connections are
1933 accepted. It is off by default. This option can only be set at
1940 <term><varname>TIMEZONE</varname> (<type>string</type>)</term>
1941 <indexterm><primary>time zone</></>
1944 Sets the time zone for displaying and interpreting timestamps.
1945 The default is to use whatever the system environment
1946 specifies as the time zone.
1952 <term><varname>TRANSFORM_NULL_EQUALS</varname> (<type>boolean</type>)</term>
1953 <indexterm><primary>IS NULL</></>
1956 When turned on, expressions of the form
1957 <literal><replaceable>expr</> = NULL</literal> (or <literal>NULL
1958 = <replaceable>expr</></literal>) are treated as
1959 <literal><replaceable>expr</> IS NULL</literal>, that is, they
1960 return true if <replaceable>expr</> evaluates to the null value,
1961 and false otherwise. The correct behavior of
1962 <literal><replaceable>expr</> = NULL</literal> is to always
1963 return null (unknown). Therefore this option defaults to off.
1967 However, filtered forms in <productname>Microsoft
1968 Access</productname> generate queries that appear to use
1969 <literal><replaceable>expr</> = NULL</literal> to test for
1970 null values, so if you use that interface to access the database you
1971 might want to turn this option on. Since expressions of the
1972 form <literal><replaceable>expr</> = NULL</literal> always
1973 return the null value (using the correct interpretation) they are not
1974 very useful and do not appear often in normal applications, so
1975 this option does little harm in practice. But new users are
1976 frequently confused about the semantics of expressions
1977 involving null values, so this option is not on by default.
1981 Note that this option only affects the literal <literal>=</>
1982 operator, not other comparison operators or other expressions
1983 that are computationally equivalent to some expression
1984 involving the equals operator (such as <literal>IN</literal>).
1985 Thus, this option is not a general fix for bad programming.
1989 Refer to the &cite-user; for related information.
1995 <term><varname>UNIX_SOCKET_DIRECTORY</varname> (<type>string</type>)</term>
1998 Specifies the directory of the Unix-domain socket on which the
1999 server is to listen for
2000 connections from client applications. The default is normally
2001 <filename>/tmp</filename>, but can be changed at build time.
2007 <term><varname>UNIX_SOCKET_GROUP</varname> (<type>string</type>)</term>
2010 Sets the group owner of the Unix domain socket. (The owning
2011 user of the socket is always the user that starts the
2012 server.) In combination with the option
2013 <option>UNIX_SOCKET_PERMISSIONS</option> this can be used as
2014 an additional access control mechanism for this socket type.
2015 By default this is the empty string, which uses the default
2016 group for the current user. This option can only be set at
2023 <term><varname>UNIX_SOCKET_PERMISSIONS</varname> (<type>integer</type>)</term>
2026 Sets the access permissions of the Unix domain socket. Unix
2027 domain sockets use the usual Unix file system permission set.
2028 The option value is expected to be an numeric mode
2029 specification in the form accepted by the
2030 <function>chmod</function> and <function>umask</function>
2031 system calls. (To use the customary octal format the number
2032 must start with a <literal>0</literal> (zero).)
2036 The default permissions are <literal>0777</literal>, meaning
2037 anyone can connect. Reasonable alternatives are
2038 <literal>0770</literal> (only user and group, see also under
2039 <option>UNIX_SOCKET_GROUP</option>) and <literal>0700</literal>
2040 (only user). (Note that actually for a Unix domain socket, only write
2041 permission matters and there is no point in setting or revoking
2042 read or execute permissions.)
2046 This access control mechanism is independent of the one
2047 described in <xref linkend="client-authentication">.
2051 This option can only be set at server start.
2057 <term><varname>VACUUM_MEM</varname> (<type>integer</type>)</term>
2060 Specifies the maximum amount of memory to be used by
2061 <command>VACUUM</command> to keep track of to-be-reclaimed
2062 tuples. The value is specified in kilobytes, and defaults to
2063 8192 kilobytes. Larger settings may improve the speed of
2064 vacuuming large tables that have many deleted tuples.
2070 <term><varname>VIRTUAL_HOST</varname> (<type>string</type>)</term>
2073 Specifies the TCP/IP host name or address on which the
2074 <application>postmaster</application> is to listen for
2075 connections from client applications. Defaults to listening on
2076 all configured addresses (including <systemitem
2077 class="systemname">localhost</>).
2086 <sect2 id="runtime-config-wal">
2090 See also <xref linkend="wal-configuration"> for details on WAL
2095 <term><varname>CHECKPOINT_SEGMENTS</varname> (<type>integer</type>)</term>
2098 Maximum distance between automatic WAL checkpoints, in log file
2099 segments (each segment is normally 16 megabytes).
2100 This option can only be set at server start or in the
2101 <filename>postgresql.conf</filename> file.
2107 <term><varname>CHECKPOINT_TIMEOUT</varname> (<type>integer</type>)</term>
2110 Maximum time between automatic WAL checkpoints, in seconds.
2111 This option can only be set at server start or in the
2112 <filename>postgresql.conf</filename> file.
2118 <term><varname>CHECKPOINT_WARNING</varname> (<type>integer</type>)</term>
2121 Send a message to the server logs if checkpoints caused by the
2122 filling of checkpoint segment files happens more frequently than
2123 this number of seconds. Zero turns off the warning.
2129 <term><varname>COMMIT_DELAY</varname> (<type>integer</type>)</term>
2132 Time delay between writing a commit record to the WAL buffer and
2133 flushing the buffer out to disk, in microseconds. A nonzero
2134 delay allows multiple transactions to be committed with only one
2135 <function>fsync</function> system call, if system load is high
2136 enough additional transactions may become ready to commit within
2137 the given interval. But the delay is just wasted if no other
2138 transactions become ready to commit. Therefore, the delay is
2139 only performed if at least <varname>COMMIT_SIBLINGS</varname> other transactions
2140 are active at the instant that a backend process has written its commit
2147 <term><varname>COMMIT_SIBLINGS</varname> (<type>integer</type>)</term>
2150 Minimum number of concurrent open transactions to require before
2151 performing the <varname>COMMIT_DELAY</> delay. A larger value
2152 makes it more probable that at least one other transaction will
2153 become ready to commit during the delay interval.
2159 <term><varname>WAL_BUFFERS</varname> (<type>integer</type>)</term>
2162 Number of disk-page buffers in shared memory for WAL logging.
2163 This option can only be set at server start.
2169 <term><varname>WAL_DEBUG</varname> (<type>integer</type>)</term>
2172 If nonzero, turn on WAL-related debugging output on standard
2179 <term><varname>WAL_SYNC_METHOD</varname> (<type>string</type>)</term>
2182 Method used for forcing WAL updates out to disk. Possible
2184 <literal>FSYNC</> (call <function>fsync()</> at each commit),
2185 <literal>FDATASYNC</> (call <function>fdatasync()</> at each commit),
2186 <literal>OPEN_SYNC</> (write WAL files with <function>open()</> option <symbol>O_SYNC</>), or
2187 <literal>OPEN_DATASYNC</> (write WAL files with <function>open()</> option <symbol>O_DSYNC</>).
2188 Not all of these choices are available on all platforms.
2189 This option can only be set at server start or in the
2190 <filename>postgresql.conf</filename> file.
2199 <sect2 id="runtime-config-short">
2200 <title>Short Options</title>
2203 For convenience there are also single letter option switches
2204 available for many parameters. They are described in <xref
2205 linkend="runtime-config-short-table">.
2208 <table id="runtime-config-short-table">
2209 <title>Short option key</title>
2213 <entry>Short option</entry>
2214 <entry>Equivalent</entry>
2220 <entry><option>-B <replaceable>x</replaceable></option></entry>
2221 <entry><literal>shared_buffers = <replaceable>x</replaceable></></entry>
2224 <entry><option>-d <replaceable>x</replaceable></option></entry>
2225 <entry><literal>log_min_messages = DEBUG<replaceable>x</replaceable></></entry>
2228 <entry><option>-F</option></entry>
2229 <entry><literal>fsync = off</></entry>
2232 <entry><option>-h <replaceable>x</replaceable></option></entry>
2233 <entry><literal>virtual_host = <replaceable>x</replaceable></></entry>
2236 <entry><option>-i</option></entry>
2237 <entry><literal>tcpip_socket = on</></entry>
2240 <entry><option>-k <replaceable>x</replaceable></option></entry>
2241 <entry><literal>unix_socket_directory = <replaceable>x</replaceable></></entry>
2244 <entry><option>-l</option></entry>
2245 <entry><literal>ssl = on</></entry>
2248 <entry><option>-N <replaceable>x</replaceable></option></entry>
2249 <entry><literal>max_connections = <replaceable>x</replaceable></></entry>
2252 <entry><option>-p <replaceable>x</replaceable></option></entry>
2253 <entry><literal>port = <replaceable>x</replaceable></></entry>
2258 <option>-fi</option>, <option>-fh</option>,
2259 <option>-fm</option>, <option>-fn</option>,
2260 <option>-fs</option>, <option>-ft</option><footnote
2261 id="fn.runtime-config-short">
2263 For historical reasons, these options must be passed to
2264 the individual backend process via the <option>-o</option>
2265 postmaster option, for example,
2267 $ <userinput>postmaster -o '-S 1024 -s'</userinput>
2269 or via <envar>PGOPTIONS</envar> from the client side, as
2275 <literal>enable_indexscan=off</>,
2276 <literal>enable_hashjoin=off</>,
2277 <literal>enable_mergejoin=off</>,
2278 <literal>enable_nestloop=off</>,
2279 <literal>enable_seqscan=off</>,
2280 <literal>enable_tidscan=off</>
2285 <entry><option>-s</option><footnoteref linkend="fn.runtime-config-short"></entry>
2286 <entry><literal>show_statement_stats = on</></entry>
2290 <entry><option>-S <replaceable>x</replaceable></option><footnoteref linkend="fn.runtime-config-short">
2292 <entry><literal>sort_mem = <replaceable>x</replaceable></></entry>
2296 <entry><option>-tpa</option>, <option>-tpl</option>, <option>-te</option><footnoteref linkend="fn.runtime-config-short"></entry>
2297 <entry><literal>log_parser_stats=on</>,
2298 <literal>log_planner_stats=on</>,
2299 <literal>log_executor_stats=on</></entry>
2309 <sect1 id="kernel-resources">
2310 <title>Managing Kernel Resources</title>
2313 A large <productname>PostgreSQL</> installation can quickly exhaust
2314 various operating system resource limits. (On some systems, the
2315 factory defaults are so low that you don't even need a really
2316 <quote>large</> installation.) If you have encountered this kind of
2317 problem, keep reading.
2320 <sect2 id="sysvipc">
2321 <title>Shared Memory and Semaphores</title>
2323 <indexterm zone="sysvipc">
2324 <primary>shared memory</primary>
2327 <indexterm zone="sysvipc">
2328 <primary>semaphores</primary>
2332 Shared memory and semaphores are collectively referred to as
2333 <quote><systemitem class="osname">System V</>
2334 <acronym>IPC</></quote> (together with message queues, which are not
2335 relevant for <productname>PostgreSQL</>). Almost all modern
2336 operating systems provide these features, but not all of them have
2337 them turned on or sufficiently sized by default, especially systems
2338 with BSD heritage. (For the <systemitem class="osname">QNX</> and
2339 <systemitem class="osname">BeOS</> ports, <productname>PostgreSQL</>
2340 provides its own replacement implementation of these facilities.)
2344 The complete lack of these facilities is usually manifested by an
2345 <errorname>Illegal system call</> error upon postmaster start. In
2346 that case there's nothing left to do but to reconfigure your
2347 kernel -- <productname>PostgreSQL</> won't work without them.
2351 When <productname>PostgreSQL</> exceeds one of the various hard
2352 <acronym>IPC</> limits, the postmaster will refuse to start and
2353 should leave an instructive error message describing the problem
2354 encountered and what to do about it. (See also <xref
2355 linkend="postmaster-start-failures">.) The relevant kernel
2356 parameters are named consistently across different systems; <xref
2357 linkend="sysvipc-parameters"> gives an overview. The methods to set
2358 them, however, vary. Suggestions for some platforms are given below.
2359 Be warned that it is often necessary to reboot your machine, and
2360 possibly even recompile the kernel, to change these settings.
2364 <table id="sysvipc-parameters">
2365 <title><systemitem class="osname">System V</> <acronym>IPC</> parameters</>
2371 <entry>Description</>
2372 <entry>Reasonable values</>
2378 <entry><varname>SHMMAX</></>
2379 <entry>Maximum size of shared memory segment (bytes)</>
2380 <entry>250kB + 8.2 kB * <varname>shared_buffers</> + 14.2 kB * <varname>max_connections</> or infinity</entry>
2384 <entry><varname>SHMMIN</></>
2385 <entry>Minimum size of shared memory segment (bytes)</>
2390 <entry><varname>SHMALL</></>
2391 <entry>Total amount of shared memory available (bytes or pages)</>
2392 <entry>if bytes, same as <varname>SHMMAX</varname>; if pages, <literal>ceil(SHMMAX/PAGE_SIZE)</literal></>
2396 <entry><varname>SHMSEG</></>
2397 <entry>Maximum number of shared memory segments per process</>
2398 <entry>only 1 segment is needed, but the default is much higher</>
2402 <entry><varname>SHMMNI</></>
2403 <entry>Maximum number of shared memory segments system-wide</>
2404 <entry>like <varname>SHMSEG</> plus room for other applications</>
2408 <entry><varname>SEMMNI</></>
2409 <entry>Maximum number of semaphore identifiers (i.e., sets)</>
2410 <entry><literal>>= ceil(max_connections / 16)</literal></>
2414 <entry><varname>SEMMNS</></>
2415 <entry>Maximum number of semaphores system-wide</>
2416 <entry><literal>ceil(max_connections / 16) * 17</literal> + room for other applications</>
2420 <entry><varname>SEMMSL</></>
2421 <entry>Maximum number of semaphores per set</>
2426 <entry><varname>SEMMAP</></>
2427 <entry>Number of entries in semaphore map</>
2432 <entry><varname>SEMVMX</></>
2433 <entry>Maximum value of semaphore</>
2434 <entry>>= 255 (The default is often 32767, don't change unless asked to.)</>
2443 <indexterm><primary>SHMMAX</primary></indexterm> The most important
2444 shared memory parameter is <varname>SHMMAX</>, the maximum size, in
2445 bytes, of a shared memory segment. If you get an error message from
2446 <function>shmget</> like <errorname>Invalid argument</>, it is
2447 possible that this limit has been exceeded. The size of the required
2448 shared memory segment varies both with the number of requested
2449 buffers (<option>-B</> option) and the number of allowed connections
2450 (<option>-N</> option), although the former is the most significant.
2451 (You can, as a temporary solution, lower these settings to eliminate
2452 the failure.) As a rough approximation, you can estimate the
2453 required segment size by multiplying the number of buffers and the
2454 block size (8 kB by default) plus ample overhead (at least half a
2455 megabyte). Any error message you might get will contain the size of
2456 the failed allocation request.
2460 Less likely to cause problems is the minimum size for shared
2461 memory segments (<varname>SHMMIN</>), which should be at most
2462 approximately 256 kB for <productname>PostgreSQL</> (it is
2463 usually just 1). The maximum number of segments system-wide
2464 (<varname>SHMMNI</>) or per-process (<varname>SHMSEG</>) should
2465 not cause a problem unless your system has them set to zero. Some
2466 systems also have a limit on the total amount of shared memory in
2467 the system; see the platform-specific instructions below.
2471 <productname>PostgreSQL</> uses one semaphore per allowed connection
2472 (<option>-N</> option), in sets of 16. Each such set will also
2473 contain a 17th semaphore which contains a <quote>magic
2474 number</quote>, to detect collision with semaphore sets used by
2475 other applications. The maximum number of semaphores in the system
2476 is set by <varname>SEMMNS</>, which consequently must be at least
2477 as high as the connection setting plus one extra for each 16
2478 allowed connections (see the formula in <xref
2479 linkend="sysvipc-parameters">). The parameter <varname>SEMMNI</>
2480 determines the limit on the number of semaphore sets that can
2481 exist on the system at one time. Hence this parameter must be at
2482 least <literal>ceil(max_connections / 16)</>. Lowering the number
2483 of allowed connections is a temporary workaround for failures,
2484 which are usually confusingly worded <quote><errorname>No space
2485 left on device</></>, from the function <function>semget()</>.
2489 In some cases it might also be necessary to increase
2490 <varname>SEMMAP</> to be at least on the order of
2491 <varname>SEMMNS</>. This parameter defines the size of the semaphore
2492 resource map, in which each contiguous block of available semaphores
2493 needs an entry. When a semaphore set is freed it is either added to
2494 an existing entry that is adjacent to the freed block or it is
2495 registered under a new map entry. If the map is full, the freed
2496 semaphores get lost (until reboot). Fragmentation of the semaphore
2497 space could over time lead to fewer available semaphores than there
2502 The <varname>SEMMSL</> parameter, which determines how many
2503 semaphores can be in a set, must be at least 17 for
2504 <productname>PostgreSQL</>.
2508 Various other settings related to <quote>semaphore undo</>, such as
2509 <varname>SEMMNU</> and <varname>SEMUME</>, are not of concern
2510 for <productname>PostgreSQL</>.
2518 <term><systemitem class="osname">BSD/OS</></term>
2519 <indexterm><primary>BSD/OS</></>
2522 <title>Shared Memory</>
2524 By default, only 4 MB of shared memory is supported. Keep in
2525 mind that shared memory is not pageable; it is locked in RAM.
2526 To increase the number of shared buffers supported by the
2527 postmaster, add the following to your kernel configuration
2528 file. A <varname>SHMALL</> value of 1024 represents 4 MB of
2529 shared memory. The following increases the maximum shared
2530 memory area to 32 MB:
2532 options "SHMALL=8192"
2533 options "SHMMAX=\(SHMALL*PAGE_SIZE\)"
2539 For those running 4.1 or later, just make the above changes,
2540 recompile the kernel, and reboot. For those running earlier
2541 releases, use <command>bpatch</> to find the
2542 <varname>sysptsize</> value in the current kernel. This is
2543 computed dynamically at boot time.
2545 $ <userinput>bpatch -r sysptsize</>
2546 <computeroutput>0x9 = 9</>
2548 Next, add <varname>SYSPTSIZE</> as a hard-coded value in the
2549 kernel configuration file. Increase the value you found using
2550 <application>bpatch</>. Add 1 for every additional 4 MB of
2551 shared memory you desire.
2553 options "SYSPTSIZE=16"
2555 <varname>sysptsize</> cannot be changed by <command>sysctl</command>.
2559 <title>Semaphores</>
2561 You may need to increase the number of semaphores. By default,
2562 <productname>PostgreSQL</> allocates 34 semaphores, which is
2563 over half the default system total of 60.
2568 Set the values you want in your kernel configuration file, e.g.:
2571 options "SEMMNS=240"
2573 options "SEMMNU=120"
2581 <term><systemitem class="osname">FreeBSD</></term>
2582 <term><systemitem class="osname">NetBSD</></term>
2583 <term><systemitem class="osname">OpenBSD</></term>
2584 <indexterm><primary>FreeBSD</></>
2585 <indexterm><primary>NetBSD</></>
2586 <indexterm><primary>OpenBSD</></>
2589 The options <varname>SYSVSHM</> and <varname>SYSVSEM</> need
2590 to be enabled when the kernel is compiled. (They are by
2591 default.) The maximum size of shared memory is determined by
2592 the option <varname>SHMMAXPGS</> (in pages). The following
2593 shows an example of how to set the various parameters:
2596 options SHMMAXPGS=4096
2605 (On <systemitem class="osname">NetBSD</> and <systemitem
2606 class="osname">OpenBSD</> the key word is actually
2607 <literal>option</literal> singular.)
2610 You may also want to use the <application>sysctl</> setting to
2611 lock shared memory into RAM and prevent it from being paged out
2619 <term><systemitem class="osname">HP-UX</></term>
2620 <indexterm><primary>HP-UX</></>
2623 The default settings tend to suffice for normal installations.
2624 On <productname>HP-UX</> 10, the factory default for
2625 <varname>SEMMNS</> is 128, which might be too low for larger
2629 <acronym>IPC</> parameters can be set in the <application>System
2630 Administration Manager</> (<acronym>SAM</>) under
2631 <menuchoice><guimenu>Kernel
2632 Configuration</><guimenuitem>Configurable Parameters</></>. Hit
2633 <guibutton>Create A New Kernel</> when you're done.
2640 <term><systemitem class="osname">Linux</></term>
2641 <indexterm><primary>Linux</></>
2644 The default shared memory limit (both
2645 <varname>SHMMAX</varname> and <varname>SHMALL</varname>) is 32
2646 MB in 2.2 kernels, but it can be changed in the
2647 <filename>proc</filename> file system (without reboot). For
2648 example, to allow 128 MB:
2650 <prompt>$</prompt> <userinput>echo 134217728 >/proc/sys/kernel/shmall</userinput>
2651 <prompt>$</prompt> <userinput>echo 134217728 >/proc/sys/kernel/shmmax</userinput>
2653 You could put these commands into a script run at boot-time.
2657 Alternatively, you can use
2658 <citerefentry><refentrytitle>sysctl</refentrytitle>
2659 <manvolnum>8</manvolnum></citerefentry>, if available, to
2660 control these parameters. Look for a file called
2661 <filename>/etc/sysctl.conf</filename> and add lines like the
2664 kernel.shmall = 134217728
2665 kernel.shmmax = 134217728
2667 This file is usually processed at boot time, but
2668 <application>sysctl</application> can also be called
2673 Other parameters are sufficiently sized for any application. If
2674 you want to see for yourself look in
2675 <filename>/usr/src/linux/include/asm-<replaceable>xxx</>/shmpara
2676 m.h</> and <filename>/usr/src/linux/include/linux/sem.h</>.
2683 <term><systemitem class="osname">OS/X</></term>
2684 <indexterm><primary>OS/X</></>
2688 <filename>/System/Library/StartupItems/SystemTuning/SystemTuning
2689 </> and edit the following values:
2691 sysctl -w kern.sysv.shmmax
2692 sysctl -w kern.sysv.shmmin
2693 sysctl -w kern.sysv.shmmni
2694 sysctl -w kern.sysv.shmseg
2695 sysctl -w kern.sysv.shmall
2697 These values have the same meanings on OS/X as those listed for
2698 previous operating systems.
2705 <term><systemitem class="osname">SCO OpenServer</></term>
2706 <indexterm><primary>SCO OpenServer</></>
2709 In the default configuration, only 512 kB of shared memory per
2710 segment is allowed, which is about enough for <option>-B 24 -N
2711 12</>. To increase the setting, first change directory to
2712 <filename>/etc/conf/cf.d</>. To display the current value of
2713 <varname>SHMMAX</>, in bytes, run
2715 ./configure -y SHMMAX
2717 To set a new value for <varname>SHMMAX</>, run:
2719 ./configure SHMMAX=<replaceable>value</>
2721 where <replaceable>value</> is the new value you want to use
2722 (in bytes). After setting <varname>SHMMAX</>, rebuild the kernel
2733 <term><systemitem class="osname">Solaris</></term>
2734 <indexterm><primary>Solaris</></>
2737 At least in version 2.6, the default maximum size of a shared
2738 memory segments is too low for <productname>PostgreSQL</>. The
2739 relevant settings can be changed in <filename>/etc/system</>,
2742 set shmsys:shminfo_shmmax=0x2000000
2743 set shmsys:shminfo_shmmin=1
2744 set shmsys:shminfo_shmmni=256
2745 set shmsys:shminfo_shmseg=256
2747 set semsys:seminfo_semmap=256
2748 set semsys:seminfo_semmni=512
2749 set semsys:seminfo_semmns=512
2750 set semsys:seminfo_semmsl=32
2752 You need to reboot for the changes to take effect.
2757 url="http://www.sunworld.com/swol-09-1997/swol-09-insidesolaris.html"></>
2758 for information on shared memory under
2759 <productname>Solaris</>.
2766 <term><systemitem class="osname">UnixWare</></term>
2767 <indexterm><primary>UnixWare</></>
2770 On <productname>UnixWare</> 7, the maximum size for shared
2771 memory segments is 512 kB in the default configuration. This
2772 is enough for about <option>-B 24 -N 12</>. To display the
2773 current value of <varname>SHMMAX</>, run
2775 /etc/conf/bin/idtune -g SHMMAX
2777 which displays the current, default, minimum, and maximum
2778 values, in bytes. To set a new value for <varname>SHMMAX</>,
2781 /etc/conf/bin/idtune SHMMAX <replaceable>value</>
2783 where <replaceable>value</> is the new value you want to use
2784 (in bytes). After setting <varname>SHMMAX</>, rebuild the
2787 /etc/conf/bin/idbuild -B
2801 <title>Resource Limits</title>
2804 Unix-like operating systems enforce various kinds of resource limits
2805 that might interfere with the operation of your
2806 <productname>PostgreSQL</productname> server. Of particular
2807 importance are limits on the number of processes per user, the
2808 number of open files per process, and the amount of memory available
2809 to each process. Each of these have a <quote>hard</quote> and a
2810 <quote>soft</quote> limit. The soft limit is what actually counts
2811 but it can be changed by the user up to the hard limit. The hard
2812 limit can only be changed by the root user. The system call
2813 <function>setrlimit</function> is responsible for setting these
2814 parameters. The shell's built-in command <command>ulimit</command>
2815 (Bourne shells) or <command>limit</command> (<application>csh</>) is
2816 used to control the resource limits from the command line. On
2817 BSD-derived systems the file <filename>/etc/login.conf</filename>
2818 controls the various resource limits set during login. See
2819 <citerefentry><refentrytitle>login.conf</refentrytitle>
2820 <manvolnum>5</manvolnum></citerefentry> for details. The relevant
2821 parameters are <varname>maxproc</varname>,
2822 <varname>openfiles</varname>, and <varname>datasize</varname>. For
2827 :datasize-cur=256M:\
2829 :openfiles-cur=256:\
2832 (<literal>-cur</literal> is the soft limit. Append
2833 <literal>-max</literal> to set the hard limit.)
2837 Kernels can also have system-wide limits on some resources.
2841 On <productname>Linux</productname>
2842 <filename>/proc/sys/fs/file-max</filename> determines the
2843 maximum number of open files that the kernel will support. It can
2844 be changed by writing a different number into the file or by
2845 adding an assignment in <filename>/etc/sysctl.conf</filename>.
2846 The maximum limit of files per process is fixed at the time the
2847 kernel is compiled; see
2848 <filename>/usr/src/linux/Documentation/proc.txt</filename> for
2856 The <productname>PostgreSQL</productname> server uses one process
2857 per connection so you should provide for at least as many processes
2858 as allowed connections, in addition to what you need for the rest
2859 of your system. This is usually not a problem but if you run
2860 several servers on one machine things might get tight.
2864 The factory default limit on open files is often set to
2865 <quote>socially friendly</quote> values that allow many users to
2866 coexist on a machine without using an inappropriate fraction of
2867 the system resources. If you run many servers on a machine this
2868 is perhaps what you want, but on dedicated servers you may want to
2873 On the other side of the coin, some systems allow individual
2874 processes to open large numbers of files; if more than a few
2875 processes do so then the system-wide limit can easily be exceeded.
2876 If you find this happening, and don't want to alter the system-wide
2877 limit, you can set <productname>PostgreSQL</productname>'s
2878 <varname>max_files_per_process</varname> configuration parameter to
2879 limit the consumption of open files.
2886 <sect1 id="postmaster-shutdown">
2887 <title>Shutting Down the Server</title>
2890 There are several ways to shut down the database server. You control
2891 the type of shutdown by sending different signals to the server
2895 <term><systemitem>SIGTERM</systemitem></term>
2898 After receiving <systemitem>SIGTERM</systemitem>, the postmaster
2899 disallows new connections, but lets existing backends end their
2900 work normally. It shuts down only after all of the backends
2901 terminate normally. This is <firstterm>Smart
2902 Shutdown</firstterm>.
2908 <term><systemitem>SIGINT</systemitem></term>
2911 The postmaster disallows new connections and sends all existing
2912 backends <systemitem>SIGTERM</systemitem>, which will cause them
2913 to abort their current transactions and exit promptly. It then
2914 waits for the backends to exit and finally shuts down. This is
2915 <firstterm>Fast Shutdown</firstterm>.
2921 <term><systemitem>SIGQUIT</systemitem></term>
2923 <para> This is <firstterm>Immediate Shutdown</firstterm>, which
2924 will cause the postmaster to send a
2925 <systemitem>SIGQUIT</systemitem> to all backends and exit
2926 immediately (without properly shutting itself down). The backends
2927 likewise exit immediately upon receiving
2928 <systemitem>SIGQUIT</systemitem>. This will lead to recovery (by
2929 replaying the WAL log) upon next start-up. This is recommended
2930 only in emergencies.
2938 It is best not to use <systemitem>SIGKILL</systemitem> to shut down
2939 the postmaster. This will prevent the postmaster from releasing
2940 shared memory and semaphores, which may then have to be done by
2945 The <acronym>PID</> of the postmaster process can be found using the
2946 <application>ps</application> program, or from the file
2947 <filename>postmaster.pid</filename> in the data directory. So for
2948 example, to do a fast shutdown:
2950 $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput>
2954 The program <application>pg_ctl</application> is a shell script
2955 that provides a more convenient interface for shutting down the
2960 <sect1 id="ssl-tcp">
2961 <title>Secure TCP/IP Connections with SSL</title>
2963 <indexterm zone="ssl-tcp">
2964 <primary>SSL</primary>
2968 <productname>PostgreSQL</> has native support for using
2969 <acronym>SSL</> connections to encrypt client/server communications
2970 for increased security. This requires
2971 <productname>OpenSSL</productname> be installed on both client and
2972 server systems and support enabled at build time (see <xref
2973 linkend="installation">).
2977 With <acronym>SSL</> support compiled in, the
2978 <productname>PostgreSQL</> server can be started with
2979 <acronym>SSL</> support by setting the parameter
2980 <varname>ssl</varname> to on in <filename>postgresql.conf</>. When
2981 starting in <acronym>SSL</> mode, the server will look for the
2982 files <filename>server.key</> and <filename>server.crt</> in the
2983 data directory. These files should contain the server private key
2984 and certificate respectively. These files must be set up correctly
2985 before an <acronym>SSL</>-enabled server can start. If the private key is
2986 protected with a passphrase, the server will prompt for the
2987 passphrase and will not start until it has been entered.
2991 The server will listen for both standard and <acronym>SSL</>
2992 connections on the same TCP/IP port, and will negotiate with any
2993 connecting client on whether to use <acronym>SSL</>. See <xref
2994 linkend="client-authentication"> about how to force the server to
2995 require use of <acronym>SSL</> for certain connections.
2999 For details on how to create your server private key and certificate,
3000 refer to the <productname>OpenSSL</> documentation. A simple
3001 self-signed certificate can be used to get started for testing, but a
3002 certificate signed by a certificate authority (<acronym>CA</>) (either one of the global
3003 <acronym>CAs</> or a local one) should be used in production so the
3004 client can verify the server's identity. To create a quick
3005 self-signed certificate, use the following
3006 <productname>OpenSSL</productname> command:
3008 openssl req -new -text -out server.req
3010 Fill out the information that <command>openssl</> asks for. Make sure
3011 that you enter the local host name as Common Name; the challenge
3012 password can be left blank. The script will generate a key that is
3013 passphrase protected; it will not accept a passphrase that is less
3014 than four characters long. To remove the passphrase (as you must if
3015 you want automatic start-up of the server), run the commands
3017 openssl rsa -in privkey.pem -out server.key
3020 Enter the old passphrase to unlock the existing key. Now do
3022 openssl req -x509 -in server.req -text -key server.key -out server.crt
3023 chmod og-rwx server.key
3025 to turn the certificate into a self-signed certificate and to copy the
3026 key and certificate to where the server will look for them.
3030 <sect1 id="ssh-tunnels">
3031 <title>Secure TCP/IP Connections with <application>SSH</application> Tunnels</title>
3033 <indexterm zone="ssh-tunnels">
3034 <primary>ssh</primary>
3038 <title>Acknowledgement</title>
3040 Idea taken from an email by Gene Selkov, Jr.
3041 (<email>selkovjr@mcs.anl.gov</>) written on 1999-09-08 in response
3042 to a question from Eric Marsden.
3047 One can use <application>SSH</application> to encrypt the network
3048 connection between clients and a
3049 <productname>PostgreSQL</productname> server. Done properly, this
3050 provides an adequately secure network connection.
3054 First make sure that an <application>SSH</application> server is
3055 running properly on the same machine as
3056 <productname>PostgreSQL</productname> and that you can log in using
3057 <command>ssh</command> as some user. Then you can establish a secure
3058 tunnel with a command like this from the client machine:
3060 ssh -L 3333:foo.com:5432 joe@foo.com
3062 The first number in the <option>-L</option> argument, 3333, is the
3063 port number of your end of the tunnel; it can be chosen freely. The
3064 second number, 5432, is the remote end of the tunnel -- the port
3065 number your server is using. The name or the address in between
3066 the port numbers is the host with the database server you are going
3067 to connect to. In order to connect to the database server using
3068 this tunnel, you connect to port 3333 on the local machine:
3070 psql -h localhost -p 3333 template1
3072 To the database server it will then look as though you are really
3073 user <literal>joe@foo.com</literal> and it will use whatever
3074 authentication procedure was set up for this user. In order for the
3075 tunnel setup to succeed you must be allowed to connect via
3076 <command>ssh</command> as <systemitem>joe@foo.com</systemitem>, just
3077 as if you had attempted to use <command>ssh</command> to set up a
3083 Several other applications exist that can provide secure tunnels using
3084 a procedure similar in concept to the one just described.
3092 <!-- Keep this comment at the end of the file
3097 sgml-minimize-attributes:nil
3098 sgml-always-quote-attributes:t
3101 sgml-parent-document:nil
3102 sgml-default-dtd-file:"./reference.ced"
3103 sgml-exposed-tags:nil
3104 sgml-local-catalogs:("/usr/lib/sgml/catalog")
3105 sgml-local-ecat-files:nil
projects / postgresql / blob