Re: Restricting permissions on Unix socket

From: Alfred Perlstein <bright(at)wintelcom(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Restricting permissions on Unix socket
Date: 2000-10-31 23:02:30
Message-ID: 20001031150230.E22110@fw.wintelcom.net
Lists: pgsql-hackers

* Peter Eisentraut <peter_e(at)gmx(dot)net> [001031 12:57] wrote:
> I'd like to add an option or two to restrict the set of users that can
> connect to the Unix domain socket of the postmaster, as an extra security
> option.
>
> I imagine something like this:
>
> unix_socket_perm = 0660
> unix_socket_group = pgusers
>
> Obviously, permissions that don't have 6's in there don't make much sense,
> but I feel this notation is the most intuitive way for admins.
>
> I'm not sure how to do the group thing, though. If I use chown(2) then
> there's a race condition, but doing savegid; create socket; restoregid
> might be too awkward? Any hints?

Set your umask to 777 then go to town.

--
-Alfred Perlstein - [bright(at)wintelcom(dot)net|alfred(at)freebsd(dot)org]
"I have the heart of a child; I keep it in a jar on my desk."
