2011/10/30 Martijn van Oosterhout <klep...@svana.org>:
> On Sat, Oct 29, 2011 at 08:28:57PM +0000, Mr. Aaron W. Swenson wrote:
>> > If /tmp is the only decent place where to put the socket file on Unix
>> > when security and other concerns are considered, then sure, making
>> > distro life difficult is a good thing to do. But then let's take it to
>> > the FHS that debian and ubuntu are implementing, AFAIUI.
>> In Gentoo, we change the socket directory to /var/run/postgresql via
>> pg_config_manual.h. However, I'm not too terribly interested in pg_config
>> outputting the directory location.
> Frankly, I'm not seeing the difference between the socket directory and
> the "listen_addresses" option. When connecting you can specify the
> socket directory to use via the "host" option.
> It might even be more logical to be able to specify multiple
> directories. Given we support multiple listen sockets I can't imagine
> it would require much code.
> (And yes, just today I ran into the issue of hardcoded paths. If the
> directory it points to is not world writable then you've limited the
> users who can run the postgres server. Which is an unnecessary
> restriction imho).

For Debian, the reason is :

Description: Put server Unix sockets into /var/run/postgresql/ by default
Forwarded: No, Debian specific configuration with postgresql-common

Using /tmp for sockets allows everyone to spoof a PostgreSQL server. Thus use
/var/run/postgresql/ for "system" clusters which run as 'postgres' (user
clusters will still use /tmp). Since system cluster are by far the common case,
set it as default.

Cédric Villemain +33 (0)6 20 30 22 52
PostgreSQL: Support 24x7 - Développement, Expertise et Formation

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to