I wrote:
> The current recommendation, which is reflected in the installation
> instructions, is to install the software as root and to use the
> postgres user for the database files. The advice seen elsewhere in
> this thread to use the postgres user also for the software files is
> wrong.
Those
Goulet, Dick írta:
Peter,
You may well be on the development team, but you are wrong for
one very important reason. If the Postgresql executables are owned by
root they execute with the priviledges of root. Thereby any local
created extensions like database_size also execute with the pri
On Wed, 12 Jan 2005 20:52:16 -0800, Joshua D. Drake
<[EMAIL PROTECTED]> wrote:
> >Whatever, I'll keep root only for absolutely restricted use & install
> >under a separate user account. Works just fine & it makes the auditors
> >& sysadmin feel better.
> I don't argue the point of using root. I ag
* Dawid Kuroczko <[EMAIL PROTECTED]> [0117 12:17]:
> On Wed, 12 Jan 2005 20:52:16 -0800, Joshua D. Drake
> <[EMAIL PROTECTED]> wrote:
> > >Whatever, I'll keep root only for absolutely restricted use & install
> > >under a separate user account. Works just fine & it makes the auditors
> > >& sysadm
On Thu, 13 Jan 2005 12:20:41 +, Dick Davies
<[EMAIL PROTECTED]> wrote:
> > But only if either setuid root or executed by root. Hey, on my
> > system even /bin/sh is owned by root; it would be funny of it
> > executed as root
> C'mon folks, the guy obviously made a booboo - no need to rub his
>
Well, thanks for the leeway, but getting one's nose rubbed in things for
good and bad comes with the turf. If there's one thing I've learned
about software over the years it's that there are many ways to skin the
same cat, just some are less painful than others.
Anyway, to the discussion: Commerc
Those who dismiss this advice as my own imagination may want to check
how other server packages are installed on their system.
What user does sshd run under? Who owns /usr/sbin/sshd?
What user does the MTA run under? Who owns the binaries?
What user does Apache run under? Who owns the binarie
So does that mean there's no security issue using the root account to
install postrgeSQL as the first book indicated? Thanks.
--
Husam
-Original Message-
From: Joshua D. Drake [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 12, 2005 8:52 PM
To: Goulet, Dick
Cc: Stephan Szabo; Peter E
"Goulet, Dick" <[EMAIL PROTECTED]> writes:
> to Postgres install as well. I as the DBA should be able to install,
> upgrade, etc the software without access to the root account. Simply
> put the fewer people who know the root password the fewer who can
> destroy the system and the fewer who have
I'm in process of migrating data. That means lots of data munging.
I decided that while I'm coding I should go ahead and create sql syntax rather
than just some delimited file. So I produced the following code:
docflow=> INSERT INTO student (first_name, last_name, middle_name, added_by,
aff
* Dawid Kuroczko <[EMAIL PROTECTED]> [0151 12:51]:
> On Thu, 13 Jan 2005 12:20:41 +, Dick Davies
> <[EMAIL PROTECTED]> wrote:
> > > But only if either setuid root or executed by root. Hey, on my
> > > system even /bin/sh is owned by root; it would be funny of it
> > > executed as root
> > C'mo
On Thu, 2005-01-13 at 06:41, Dawid Kuroczko wrote:
> On Thu, 13 Jan 2005 12:20:41 +, Dick Davies
> <[EMAIL PROTECTED]> wrote:
> > > But only if either setuid root or executed by root. Hey, on my
> > > system even /bin/sh is owned by root; it would be funny of it
> > > executed as root
> > C'mo
Hello Folks
I am looking for some advice. I am building a Dual Opteron Cluster
using Redhat ES 3.0 x86_64 and Redhat Cluster Services this is a
failover solution. I am using a Kingston Infostation for the shared data
storage. I am nearly to the point of building the filesystems on the
Data S
Put all your eggs in one basket, and WATCH THAT BASKET.
Better yet, pay someone more reliable than oneself to watch it.
Preferably a well-paid and happy fox.
Or _maybe_ put your eggs in an invisible super-basket?
Not trolling, just checking the analogy integrity field.
M
--
On Thu, Jan 13, 2005 at 08:06:05 -0800,
"Tomeh, Husam" <[EMAIL PROTECTED]> wrote:
> So does that mean there's no security issue using the root account to
> install postrgeSQL as the first book indicated? Thanks.
This depends on who you trust. The install scripts could potentially do
bad things.
Martha Stewart called it a Good Thing when [EMAIL PROTECTED] ("Goulet, Dick")
wrote:
> You may well be on the development team, but you are wrong for
> one very important reason. If the Postgresql executables are owned by
> root they execute with the priviledges of root.
Methinks you may
In an attempt to throw the authorities off his trail, [EMAIL PROTECTED]
("Tomeh, Husam") transmitted:
> I've seen book that prefer installing PostgreSQL as root and another one
> recommends otherwise by first creating a postgres account and then
> installing it as postgres. In the Oracle world, yo
Martha Stewart called it a Good Thing when [EMAIL PROTECTED] ("Goulet, Dick")
wrote:
> Well, thanks for the leeway, but getting one's nose rubbed in things for
> good and bad comes with the turf. If there's one thing I've learned
> about software over the years it's that there are many ways to sk
Doug,
OK, Assume that the binaries are installed under root, but a
hacker cracks PostGres, what is to stop him/her from trashing all of the
database files in the first place? Their not owned by root. Installing
malware, whether it's actual code or destroying/defacing files causes
similar
On Thu, 2005-01-13 at 11:17, David Bear wrote:
> I'm in process of migrating data. That means lots of data munging.
>
> I decided that while I'm coding I should go ahead and create sql syntax rather
> than just some delimited file. So I produced the following code:
>
> docflow=> INSERT INTO stud
On Thu, Jan 13, 2005 at 10:17:47AM -0700, David Bear wrote:
> I'm in process of migrating data. That means lots of data munging.
>
> I decided that while I'm coding I should go ahead and create sql syntax rather
> than just some delimited file.
If you have a lot of data to load, then using COPY
Goulet, Dick wrote:
Doug,
OK, Assume that the binaries are installed under root, but a
hacker cracks PostGres, what is to stop him/her from trashing all of the
database files in the first place? Their not owned by root. Installing
malware, whether it's actual code or destroying/defacing files ca
On Thu, Jan 13, 2005 at 13:52:41 -0500,
"Goulet, Dick" <[EMAIL PROTECTED]> wrote:
> Doug,
>
> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? Their not owned by roo
Goulet, Dick wrote:
> And in my book the executables are
> of zero value whereas the data files, and their contained data, are
> of infinite value. So under your scheme we're protecting the least
> valuable part of the system at the expense of the most valuable.
No, there is no expense in that se
"Goulet, Dick" <[EMAIL PROTECTED]> writes:
> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? Their not owned by root. Installing
> malware, whether it's actual code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> Doug,
>
> OK, Assume that the binaries are installed under root, but a
> hacker cracks PostGres, what is to stop him/her from trashing all of the
> database files in the first place? Th
On Thu, 2005-01-13 at 15:13, Uwe C. Schroeder wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > Doug,
> >
> > OK, Assume that the binaries are installed under root, but a
> > hacker cracks PostGres, what is to stop him/he
Well, someone I can wholeheartedly agree with. So it really does not
matter who owns the binaries. Once the right account gets hacked your
had. If they hack root your dead, if they hack postgres the database is
had although the server may survive. In either case the state of your
backups is yo
Uwe C. Schroeder wrote:
[ PGP not available, raw data follows ]
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> > Doug,
> >
> > OK, Assume that the binaries are installed under root, but a
> > hacker cracks PostGres, what is to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 13 January 2005 01:44 pm, Bruce Momjian wrote:
> Uwe C. Schroeder wrote:
> [ PGP not available, raw data follows ]
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote:
> >
Wouldn't installing postgreSQL as postgres give me the convenience to
upgrade PostgreSQL and the database without having the SA get involved.
Is it a question of roles now? Should a DBA perform all
postgreSQL-related tasks or should that the accountability be confused
by having SA responsible for
Tomeh, Husam wrote:
Wouldn't installing postgreSQL as postgres give me the convenience to
upgrade PostgreSQL and the database without having the SA get involved.
Is it a question of roles now? Should a DBA perform all
postgreSQL-related tasks or should that the accountability be confused
by havin
Hi,
I configured Postgres with PAM. I was wondering how to implement this.
Does this mean I will still need to create individual users on the
database or can I assign users rights from a LDAP server?
D.J. Kavan
---(end of broadcast)--
Hi all,
Why did I get this error?
Could you please help me?
Regards,
Ramachandra
---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Title: Pg8 for Windows
I have tried various version of PG for Windows and it does not appear to install. Here is the log produced by the installed, falls over when calling GetAvailableLocales()??
Action start 15:55:22: GetAvailableLocales.
MSI (c) (C4:6C): Creating MSIHANDLE (1) of type 79054
35 matches
Mail list logo
