| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Dan Langille <dan(at)langille(dot)org> |
| Cc: | Radoslaw Stachowiak <radek(at)alter(dot)pl>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, postgresql <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: SSL Mode |
| Date: | 2002-12-23 22:43:44 |
| Message-ID: | 200212232243.gBNMhi002622@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Dan Langille wrote:
> On Mon, 23 Dec 2002, Bruce Momjian wrote:
>
> >
> > PostgreSQL is designed to _not_ require root access, so we just make
> > everything owned by the install user. I don't see how group checks can
> > help there. Also, there is no postgres group, at least by default, and
> > no special handling based on group, though we do allow group permissions
> > on the /tmp socket file.
>
> FWIW, I know the FreeBSD port creates both a pgsql user and a pgsql group.
> I have seen evidence that some Linux distributions create a postgres user.
Yes, that is true, and if they want to patch be-secure.c, that is fine.
However, we don't _assume_ such things exist, and don't require them.
That is the (secure) key. ;-)
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2002-12-23 22:49:56 | Re: SSL Mode |
| Previous Message | Dan Langille | 2002-12-23 22:39:58 | Re: SSL Mode |