| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Configurable path to look up dynamic libraries |
| Date: | 2001-05-15 19:43:00 |
| Message-ID: | 11393.989955780@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) writes:
>> There is a security issue here: stuff stored in datadir is not visible
>> to random other users on the machine (since datadir is mode 700), but
>> I would not expect sysconfdir to be mode 700.
> It could be (the RPMs specify a sysconfdir of /etc/pgsql)
The usual install procedure would probably leave sysconfdir owned by
root, if one likes to install in such a way that the binaries are owned
by root (ie make, su root, make install). I'd object to a setup that's
insecure for people who aren't using RPMs.
The real bottom line here, though, is that you haven't shown me any
positive reason to move the config files out of datadir. They're not
broken where they are; and arguably they *are* data.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2001-05-15 19:45:22 | Re: Configurable path to look up dynamic libraries |
| Previous Message | Trond Eivind =?iso-8859-1?q?Glomsr=F8d?= | 2001-05-15 19:30:53 | Re: Configurable path to look up dynamic libraries |