From: | Ivo Rossacher <rossacher(at)bluewin(dot)ch> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: security - user account setup on SUSE |
Date: | 2005-05-12 10:59:59 |
Message-ID: | 200505121259.59927.rossacher@bluewin.ch |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Am Mittwoch, 11. Mai 2005 20:42 schrieb Brandon Fouts:
> I think for security reasons I should not run PostgreSQL from the root
yes.
> account. Also, as PostgreSQL will probably be only one of the applications
> running on this box. (would running in UML give me any extra security? - I
> suspect not the right tool??)
Don't think this helps by it self.
>
> IF I'm wrong to worry about root account, now is the time to inform me.
> Otherwise read on.
>
> (I have setup once and I think I had it running from the root account.)
>
> background SUSE 9 and YAST install of PostgreSQL creates the following
> directories:
>
> /usr/lib/postgresql/
> /usr/share/postgresql/
> /usr/share/pgsql/
> /var/lib/pgsql/backup
> /var/lib/pgsql/data
>
> and currently status shows unused
> # rcpostgresql status unused (rc - is this some kind of
> scripting??)
>
> Can anyone offer some guidance?
In the Yast tool you can start the servers you need in the Runlevel-Editor.
There you can select in which runnlevels you want it to run as well.
When you start it there, at startup a scritp will be executed with root
permission. This script will start then the Server with postgres as user. So
the database does not run under root permission (which would be definitly
bad).
Best regards
Ivo
>--------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
From | Date | Subject | |
---|---|---|---|
Next Message | Bruno Wolff III | 2005-05-12 12:46:56 | Re: brute force attacking the password |
Previous Message | Michael Kichanov | 2005-05-12 10:47:14 | Incremental backup |