| From: | Robert Kernell <kernell(at)sundog(dot)larc(dot)nasa(dot)gov> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Restricting permissions on Unix socket |
| Date: | 2000-10-31 21:36:26 |
| Message-ID: | 200010312136.QAA12773@sundog.larc.nasa.gov |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> I'd like to add an option or two to restrict the set of users that can
> connect to the Unix domain socket of the postmaster, as an extra security
> option.
>
> I imagine something like this:
>
> unix_socket_perm = 0660
> unix_socket_group = pgusers
>
> Obviously, permissions that don't have 6's in there don't make much sense,
> but I feel this notation is the most intuitive way for admins.
>
> I'm not sure how to do the group thing, though. If I use chown(2) then
> there's a race condition, but doing savegid; create socket; restoregid
> might be too awkward? Any hints?
>
Just curious. What is a race condition?
Bob Kernell
Research Scientist
Surface Validation Group
Atmospheric Sciences Competency
Analytical Services & Materials, Inc.
email: kernell(at)sundog(dot)larc(dot)nasa(dot)gov
tel: 757-827-4631
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Wolfe | 2000-10-31 21:42:01 | Query caching |
| Previous Message | Mikheev, Vadim | 2000-10-31 21:04:15 | RE: WAL status update |