Re: security - user account setup on SUSE

From: Ivo Rossacher <rossacher(at)bluewin(dot)ch>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: security - user account setup on SUSE
Date: 2005-05-12 10:59:59
Message-ID: 200505121259.59927.rossacher@bluewin.ch
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Am Mittwoch, 11. Mai 2005 20:42 schrieb Brandon Fouts:
> I think for security reasons I should not run PostgreSQL from the root

yes.

> account. Also, as PostgreSQL will probably be only one of the applications
> running on this box. (would running in UML give me any extra security? - I
> suspect not the right tool??)

Don't think this helps by it self.

>
> IF I'm wrong to worry about root account, now is the time to inform me.
> Otherwise read on.
>
> (I have setup once and I think I had it running from the root account.)
>
> background SUSE 9 and YAST install of PostgreSQL creates the following
> directories:
>
> /usr/lib/postgresql/
> /usr/share/postgresql/
> /usr/share/pgsql/
> /var/lib/pgsql/backup
> /var/lib/pgsql/data
>
> and currently status shows unused
> # rcpostgresql status unused (rc - is this some kind of
> scripting??)
>
> Can anyone offer some guidance?

In the Yast tool you can start the servers you need in the Runlevel-Editor.
There you can select in which runnlevels you want it to run as well.
When you start it there, at startup a scritp will be executed with root
permission. This script will start then the Server with postgres as user. So
the database does not run under root permission (which would be definitly
bad).

Best regards
Ivo

>--------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Bruno Wolff III 2005-05-12 12:46:56 Re: brute force attacking the password
Previous Message Michael Kichanov 2005-05-12 10:47:14 Incremental backup