Quick Links

Re: Improved security for https://www.postgresql.org/docs/current/install-make.html

From:	Peter Eisentraut <peter(at)eisentraut(dot)org>
To:	bgiles(at)coyotesong(dot)com, pgsql-docs(at)lists(dot)postgresql(dot)org
Subject:	Re: Improved security for https://www.postgresql.org/docs/current/install-make.html
Date:	2024-11-11 15:32:55
Message-ID:	19968047-83d1-4582-af56-cf4ddfc25c2e@eisentraut.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-docs

On 06.11.24 22:58, PG Doc comments form wrote:
> The 'short' script can then be rewritten as
>
> ```
> # work done as a regular user
> ./configure
> make build
>
> # work that requires ROOT access
> su
> mkdir /usr/local/pgsql/data
> chown (current user):(current group) /usr/local/pgsql
> adduser --system --group postgres
> exit
>
> # work that requires POSTGRES access
> su -u postgres
> make install installdirs
> exit

We don't want the installed files to be owned by postgres. That would
mean that a compromised PostgreSQL server (running as "postgres") could
overwrite its own installation files. You don't have to use "root" for
the installation, of course, but it should be separate from "postgres".

In response to

Improved security for https://www.postgresql.org/docs/current/install-make.html at 2024-11-06 21:58:13 from PG Doc comments form

Responses

Re: Improved security for https://www.postgresql.org/docs/current/install-make.html at 2024-11-12 21:50:11 from Bear Giles

Browse pgsql-docs by date

	From	Date	Subject
Next Message	Alvaro Herrera	2024-11-12 08:45:12	Re: CREATE UNIQUE INDEX name ON table (column [, ...]) [ NULLS [ NOT ] DISTINCT ];
Previous Message	David G. Johnston	2024-11-11 13:39:31	Re: Documentation error in tutorial page for Window Functions