| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | "Goulet, Dick" <DGoulet(at)vicr(dot)com> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, "Tomeh, Husam" <htomeh(at)firstam(dot)com>, PgSQL ADMIN <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Installing PostgreSQL as "postgress" versus "root" Debate! |
| Date: | 2005-01-13 04:23:16 |
| Message-ID: | 200501130423.j0D4NGS24105@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Goulet, Dick wrote:
> Peter,
>
> You may well be on the development team, but you are wrong for
> one very important reason. If the Postgresql executables are owned by
> root they execute with the priviledges of root. Thereby any local
What? They are not setuid?
---------------------------------------------------------------------------
> created extensions like database_size also execute with the priviledges
> of root. Wouldn't it be wonderful if some disgruntled person or a
> hacker wrote & installed a package that did an rm -fr /?? Install
> Postgres in it's own account where it's priviledges to destroy the
> server are restricted. Anything else is begging for trouble.
>
>
> Dick Goulet
> Senior Oracle DBA
> Oracle Certified 8i DBA
> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e(at)gmx(dot)net]
> Sent: Wednesday, January 12, 2005 7:01 PM
> To: Tomeh, Husam
> Cc: PgSQL ADMIN
> Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
> Debate!
>
> Tomeh, Husam wrote:
> > I've seen book that prefer installing PostgreSQL as root and another
> > one recommends otherwise by first creating a postgres account and
> > then installing it as postgres. In the Oracle world, you don't use
> > root to install the software. What is the best practice as far as
> > PostgreSQL goes?
>
> The current recommendation, which is reflected in the installation
> instructions, is to install the software as root and to use the
> postgres user for the database files. The advice seen elsewhere in
> this thread to use the postgres user also for the software files is
> wrong.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | postgres | 2005-01-13 04:35:45 | Re: Installing PostgreSQL as "postgress" versus "root" Debate! |
| Previous Message | Goulet, Dick | 2005-01-13 04:21:14 | Re: Installing PostgreSQL as "postgress" versus "root" Debate! |