| From: | Bryn Llewellyn <bryn(at)yugabyte(dot)com> |
|---|---|
| To: | "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at> |
| Cc: | pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Unix users and groups... Was: "peer" authentication... |
| Date: | 2022-10-30 22:05:09 |
| Message-ID: | 16361F79-E516-4793-BE5C-6F99DFE68DA6@yugabyte.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> hjp-pgsql(at)hjp(dot)at wrote:
>
>> bryn(at)yugabyte(dot)com:
>>
>> For the purpose of the tests that follow, I set up the O/S users "bob" and "mary" so that "id bob mary postgres" shows this:
>>
>> id=1002(bob) gid=1001(postgres) groups=1001(postgres)
>> uid=1003(mary) gid=1001(postgres) groups=1001(postgres)
>
> This has nothing to do with your problem, but don't do this. Normal users should not be in group "postgres". That gives them access to some files which are not readable by the public. It might be useful for administrators, but AFAICS your test users aren't supposed to be that.
>
>> uid=1001(postgres) gid=1001(postgres) groups=1001(postgres),27(sudo),114 (ssl-cert)
>
> And is there a reason for postgres to be in group sudo?
Thanks for pointing this out, Peter.
I was careless. I'm testing ideas using my laptop. And apart from the fragments of SQL, O/S scripts, and what these report, that I've shown on this list, everything is private. (Nobody else can access my laptop without stealing it and breaking in.)
That's no excuse for showing sloppy practices. I'll aim to do better.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jacktby@gmail.com | 2022-10-31 03:24:37 | there is no an example in reloptions.c for string? |
| Previous Message | Adrian Klaver | 2022-10-30 16:22:53 | Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should |