Re: [DOCS] [HACKERS] What goes into the security doc?
Now that we are in beta, does someone want to tackle a "security"
section in the docs?

---

Dan Langille wrote:
> With reference to my post to the "PostgreSQL Password Cracker" on
> 2003-01-02, I've promised to write a security document for the project.
> Here it is, Sunday night, and I can't sleep. What better way to get there
> than start this task...
>
> My plan is to write this in very simple HTML. I will post the draft
> document on my website and post the URL here from time to time for
> feedback. Please make suggestions for content. So far, I will cover these
> items:
>
> - .pgpass (see
>   http://developer.postgresql.org/docs/postgres/libpq-files.html)
> - local connections
> - remote connections (recommending SSL)
> - pg_hba (only in passing, most of that is at
>   http://www.postgresql.org/idocs/index.php?client-authentication.html)
> - running the postmaster as a specific user
>
> That doesn't sound like much. Surely you can think of something else to
> add. Should I post this to another list for their views?
>
> OK, that's done it. I'm ready for sleep now.
>
> ---(end of broadcast)---
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html

--
  Bruce Momjian                     |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                 |  (610) 359-1001
  +  If your life is a hard drive,  |  13 Roberts Road
  +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073

---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Re: [DOCS] [GENERAL] pam-linux, /etc/shadow : HOW-TO
Would someone merge this into our CVS docs and submit a patch?

---

ahoward wrote:
>
> note: i'm no sysad, nor do i even pretend to understand pam, the linux kernel,
> or postgresql, but this setup is a safe, working, postgresql/linux/pam setup.
>
> 0) configure postgresql for pam, for example
>
>    [EMAIL PROTECTED] tmp]# grep pam /usr/local/pgsql/data/pg_hba.conf
>    host    all    all    137.75.0.0    255.255.0.0    pam
>
> 1) create a /etc/pam.d/postgresql entry, here's how i did mine
>
>    [EMAIL PROTECTED] tmp]# cp /etc/pam.d/passwd /etc/pam.d/postgresql
>
>    i don't know if it's the best setup, but it works! mine looks like this
>
>    [EMAIL PROTECTED] tmp]# cat /etc/pam.d/postgresql
>    #%PAM-1.0
>    auth       required     /lib/security/pam_stack.so service=system-auth
>    account    required     /lib/security/pam_stack.so service=system-auth
>    password   required     /lib/security/pam_stack.so service=system-auth
>
> 2) create a shadow group which will be used for users needing read-access to
>    /etc/shadow, and add postgres (or whatever user the postmaster runs as) to
>    this entry. i used vi to add this entry to /etc/group
>
>    [EMAIL PROTECTED] tmp]# grep shadow /etc/group
>    shadow:*:4002:root,postgres
>
>    root probably does not *need* to be added.
>
>    note the '*' vs. an 'x' in the password field. if you place an 'x' there
>    you will also have to set up /etc/gshadow - i did not want to do this. if
>    you don't set up /etc/gshadow pam will NOT work if an 'x' is in the password
>    field - at least with my linux system.
>
> 3) make /etc/shadow group shadow
>
>    [EMAIL PROTECTED] tmp]# chgrp shadow /etc/shadow
>
> 4) chmod 0440 /etc/shadow
>
>
> essentially, pam will not work with postgres since the daemon needs at some
> point, no matter how many library calls deep, to open and read /etc/shadow
> (assuming this is how your system is using pam). you must have some solution
> which allows postgres, but not everyone, to read /etc/shadow. others probably
> exist.
>
> -a
>
> --
> | Ara Howard
> | NOAA Forecast Systems Laboratory
> | Information and Technology Services
> | Data Systems Group
> | R/FST 325 Broadway
> | Boulder, CO 80305-3328
> | Email: [EMAIL PROTECTED]
> | Phone: 303-497-7238
> | Fax: 303-497-7259

--
  Bruce Momjian                     |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                 |  (610) 359-1001
  +  If your life is a hard drive,  |  13 Roberts Road
  +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073
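After steps 2 to 4 of the how-to quoted above, every member of the shadow group can read the password hashes, so the file mode and the group's member list are the two things to verify once the change is in place. The check below is an added example, not part of the original thread; the function names and the allowed-member list are assumptions, and the paths are arguments so it can be run against copies as well as the live files.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shadow-group setup.
# has_perm and audit_shadow_setup are hypothetical helper names.

# has_perm FILE MODE -> true if every bit in octal MODE is set on FILE
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_shadow_setup SHADOW_FILE GROUP_FILE GROUP "ALLOWED MEMBERS"
# Prints one finding per line; returns 0 only when nothing failed.
audit_shadow_setup() {
    shadow=$1; groupfile=$2; group=$3; allowed=$4; rc=0

    [ -e "$shadow" ] || { echo "FAIL: $shadow does not exist"; return 1; }

    # Mode 0440 means no bits at all for 'other' and no write bit for group.
    for bits in 004 002 001; do
        if has_perm "$shadow" "$bits"; then
            echo "FAIL: $shadow grants access to 'other' (bit $bits)"; rc=1
        fi
    done
    if has_perm "$shadow" 020; then
        echo "FAIL: $shadow is group-writable"; rc=1
    fi

    # Pull "password_field:member,member" for the group out of the group file.
    if ! entry=$(awk -F: -v g="$group" \
            '$1 == g { print $2 ":" $4; f = 1 } END { exit !f }' "$groupfile"); then
        echo "FAIL: group $group not found in $groupfile"; return 1
    fi
    if [ "${entry%%:*}" = "x" ]; then
        echo "NOTE: password field is 'x'; the how-to reports this needs /etc/gshadow"
    fi

    old_ifs=$IFS; IFS=,; set -f          # split members on commas, no globbing
    for m in ${entry#*:}; do
        case " $allowed " in
            *" $m "*) ;;
            *) echo "FAIL: unexpected member '$m' can read $shadow"; rc=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}
```

On a live system the call would be `audit_shadow_setup /etc/shadow /etc/group shadow "postgres"`, which also flags the `root` membership that the how-to itself describes as probably unnecessary.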
Re: [DOCS] [PERFORM] PostgreSQL vs. MySQL
Do we need to add a mention of the need for tuning to the install docs?

---

Andrew Sullivan wrote:
> On Fri, Jul 04, 2003 at 08:07:18PM +0200, Arjen van der Meijden wrote:
> > > Andrew Sullivan wrote:
> > > results under production conditions, and not bother to read
> > > even the basic "quickstart"-type stuff that is kicking
> > > around.
> > Then please point out where it says, in the documentation, that the
> > value for the shared_memory of 64 is too low and that 4000 is a nice
> > value to start with?
>
> I think I did indeed speak too soon, as the criticism is a fair one:
> nowhere in the installation instructions or the "getting started"
> docs does it say that you really ought to do some tuning once you
> have the system installed. Can I suggest for the time being that
> something along these lines should go in 14.6.3, "Tuning the
> installation":
>
> ---snip---
> By default, PostgreSQL is configured to run on minimal hardware. As
> a result, some tuning of your installation will be necessary before
> using it for anything other than extremely small databases. At the
> very least, it will probably be necessary to increase your shared
> buffers setting. See Chapter 16 for details on what tuning options
> are available to you.
> ---snip---
>
> > I'm sorry to put this in a such a confronting manner, but you simply
> > can't expect people to search for information that they don't know the
> > existence of.
>
> No need to apologise; I think you're right.
>
> A
>
> --
> Andrew Sullivan                 204-4141 Yonge Street
> Liberty RMS                     Toronto, Ontario Canada
> <[EMAIL PROTECTED]>             M2P 2A8
>                                 +1 416 646 3304 x110

--
  Bruce Momjian                     |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                 |  (610) 359-1001
  +  If your life is a hard drive,  |  13 Roberts Road
  +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073
Re: [DOCS] [HACKERS] What goes into the security doc?
I would say any time before 7.4 final, which should be in 4-6 weeks.

---

Dan Langille wrote:
> Given I'm the smartass that volunteered in the first place, perhaps I
> should complete what I started.
>
> I work well with a deadline. When do you want this done?
>
> On 16 Aug 2003 at 12:41, Bruce Momjian wrote:
>
> > Now that we are in beta, does someone want to tackle a "security"
> > section in the docs?
> >
> > ---
> >
> > Dan Langille wrote:
> > > With reference to my post to the "PostgreSQL Password Cracker" on
> > > 2003-01-02, I've promised to write a security document for the project.
> > > Here it is, Sunday night, and I can't sleep. What better way to get there
> > > than start this task...
> > >
> > > My plan is to write this in very simple HTML. I will post the draft
> > > document on my website and post the URL here from time to time for
> > > feedback. Please make suggestions for content. So far, I will cover these
> > > items:
> > >
> > > - .pgpass (see
> > >   http://developer.postgresql.org/docs/postgres/libpq-files.html)
> > > - local connections
> > > - remote connections (recommending SSL)
> > > - pg_hba (only in passing, most of that is at
> > >   http://www.postgresql.org/idocs/index.php?client-authentication.html)
> > > - running the postmaster as a specific user
> > >
> > > That doesn't sound like much. Surely you can think of something else to
> > > add. Should I post this to another list for their views?
> > >
> > > OK, that's done it. I'm ready for sleep now.
> >
> > --
> >   Bruce Momjian                     |  http://candle.pha.pa.us
> >   [EMAIL PROTECTED]                 |  (610) 359-1001
> >   +  If your life is a hard drive,  |  13 Roberts Road
> >   +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073
>
> --
> Dan Langille : http://www.langille.org/

--
  Bruce Momjian                     |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                 |  (610) 359-1001
  +  If your life is a hard drive,  |  13 Roberts Road
  +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073
Re: [DOCS] [HACKERS] What goes into the security doc?
Given I'm the smartass that volunteered in the first place, perhaps I
should complete what I started.

I work well with a deadline. When do you want this done?

On 16 Aug 2003 at 12:41, Bruce Momjian wrote:

> Now that we are in beta, does someone want to tackle a "security"
> section in the docs?
>
> ---
>
> Dan Langille wrote:
> > With reference to my post to the "PostgreSQL Password Cracker" on
> > 2003-01-02, I've promised to write a security document for the project.
> > Here it is, Sunday night, and I can't sleep. What better way to get there
> > than start this task...
> >
> > My plan is to write this in very simple HTML. I will post the draft
> > document on my website and post the URL here from time to time for
> > feedback. Please make suggestions for content. So far, I will cover these
> > items:
> >
> > - .pgpass (see
> >   http://developer.postgresql.org/docs/postgres/libpq-files.html)
> > - local connections
> > - remote connections (recommending SSL)
> > - pg_hba (only in passing, most of that is at
> >   http://www.postgresql.org/idocs/index.php?client-authentication.html)
> > - running the postmaster as a specific user
> >
> > That doesn't sound like much. Surely you can think of something else to
> > add. Should I post this to another list for their views?
> >
> > OK, that's done it. I'm ready for sleep now.
>
> --
>   Bruce Momjian                     |  http://candle.pha.pa.us
>   [EMAIL PROTECTED]                 |  (610) 359-1001
>   +  If your life is a hard drive,  |  13 Roberts Road
>   +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073

--
Dan Langille : http://www.langille.org/
Re: [DOCS] [BUGS] pg 7.4beta1 doc bug: vacuum not updated
Would someone submit a patch?

---

Joseph Shraibman wrote:
> The output of the vacuum command on
> http://developer.postgresql.org/docs/postgres/sql-vacuum.html
> shows the output of the 7.3.x version. I noticed while browsing the cvs
> that the output has changed.

--
  Bruce Momjian                     |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                 |  (610) 359-1001
  +  If your life is a hard drive,  |  13 Roberts Road
  +  Christ can be your backup.     |  Newtown Square, Pennsylvania 19073
