Goulet, Dick írta:
Peter,
You may well be on the development team, but you are wrong for
one very important reason. If the Postgresql executables are owned by
root they execute with the priviledges of root. Thereby any local
created extensions like database_size also execute with the priviledges
of root. Wouldn't it be wonderful if some disgruntled person or a
hacker wrote & installed a package that did an rm -fr /?? Install
Postgres in it's own account where it's priviledges to destroy the
server are restricted. Anything else is begging for trouble.
Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-----Original Message-----
From: Peter Eisentraut [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 7:01 PM
To: Tomeh, Husam
Cc: PgSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!
Tomeh, Husam wrote:
I've seen book that prefer installing PostgreSQL as root and another
one recommends otherwise by first creating a postgres account and
then installing it as postgres. In the Oracle world, you don't use
root to install the software. What is the best practice as far as
PostgreSQL goes?
The current recommendation, which is reflected in the installation
instructions, is to install the software as root and to use the
postgres user for the database files. The advice seen elsewhere in
this thread to use the postgres user also for the software files is
wrong.
Sorry, but under the UNIX security modell each process (except special
seteuid and setruid calls) get loaded, with the priviledges of the
process which loaded it. Just try executing postmaster as an ordinary
user, you will see, that it won't be able to access its data files.
Cheers
Geza
---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
