Re: Configurable path to look up dynamic libraries

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=)
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Configurable path to look up dynamic libraries
Date: 2001-05-15 19:43:00
Message-ID: 11393.989955780@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) writes:
>> There is a security issue here: stuff stored in datadir is not visible
>> to random other users on the machine (since datadir is mode 700), but
>> I would not expect sysconfdir to be mode 700.

> It could be (the RPMs specify a sysconfdir of /etc/pgsql)

The usual install procedure would probably leave sysconfdir owned by
root, if one likes to install in such a way that the binaries are owned
by root (ie make, su root, make install). I'd object to a setup that's
insecure for people who aren't using RPMs.

The real bottom line here, though, is that you haven't shown me any
positive reason to move the config files out of datadir. They're not
broken where they are; and arguably they *are* data.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2001-05-15 19:45:22 Re: Configurable path to look up dynamic libraries
Previous Message Trond Eivind =?iso-8859-1?q?Glomsr=F8d?= 2001-05-15 19:30:53 Re: Configurable path to look up dynamic libraries