Re: Password for postgresql superuser?

From: "jqpx37" <jqpx37(at)iprive(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Password for postgresql superuser?
Date: 2006-06-08 15:08:32
Message-ID: 20060608150832.9B6846400B5@iprive.iconicnetworks.com
Lists: pgsql-general

Sorry; I meant a password at the operating system level, not at the postgresql level.

On my Linux system, without an OS level password, the only way to log in (in Linux) to the postgres account is by su'ing from root, which seems more secure than having a password for the postgres account.

----- Original Message -----
From: "jqpx37" <jqpx37(at)iprive(dot)com>
To: pgsql-general(at)postgresql(dot)org
Sent: Thursday, June 08, 2006 11:05 AM
Subject: [GENERAL] Password for postgresql superuser?

Is there any security risk in the postgresql superuser having a password?

I installed a Linux distro recently and had it install Postgresql. It automatically set up the postgres account; the account was set up with no password.

I could of course create a password, but it's not clear to me that's a good thing from a security standpoint.

From: Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com>
To: jqpx37(at)iprive(dot)com
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Password for postgresql superuser?
Date: Thu, 08 Jun 2006 17:24:30 +0200

On Thu, 2006-06-08 at 09:08 -0600, jqpx37 wrote:
> Sorry; I meant a password at the operating system level, not at the postgresql level.
>
> On my Linux system, without an OS level password, the only way to log in (in Linux) to the postgres account is by su'ing from root, which seems more secure than having a password for the postgres account.

Have you tried sudo ("sudo" command)?

It asks for a personal password, and grants whatever privilege is
configured for that person, even root privilege.

-R

> ----- Original Message -----
> From: "jqpx37" <jqpx37(at)iprive(dot)com>
> To: pgsql-general(at)postgresql(dot)org
> Sent: Thursday, June 08, 2006 11:05 AM
> Subject: [GENERAL] Password for postgresql superuser?
>
> Is there any security risk in the postgresql superuser having a password?
>
> I installed a Linux distro recently and had it install Postgresql. It automatically set up the postgres account; the account was set up with no password.
>
> I could of course create a password, but it's not clear to me that's a good thing from a security standpoint.
--
-R
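
Added example, not part of either message above: a shell check that tells apart the three states the password field of the `postgres` OS account can be in, since an account "set up with no password" by a distro installer normally has a locked field in shadow(5) format, not an empty one. The account names `pgdemo_empty` and `pgdemo_pw`, the sample lines and the hash strings are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (field 2, shadow(5) format) of one account.
# Reads shadow-format lines on stdin; on a real host, as root:
#   shadow_state postgres < /etc/shadow
shadow_state() {
    awk -F: -v acct="$1" '
        $1 != acct   { next }
                     { found = 1 }
        # Empty field: the account logs in with no password at all.
        $2 == ""     { print "empty"; exit }
        # Leading "!" or "*": no typed password can match, so the account
        # is reachable only through su from root or a sudo rule.
        $2 ~ /^[!*]/ { print "locked"; exit }
        # Anything else is a password hash: direct password login works.
                     { print "password-set"; exit }
        END          { if (!found) print "missing" }
    '
}

# Constructed sample input (not taken from any real system).
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$NotARealHash0000000000:13307:0:99999:7:::
postgres:!:13307:0:99999:7:::
pgdemo_empty::13307:0:99999:7:::
pgdemo_pw:$1$constructed$NotARealHash0000000000:13307:0:99999:7:::
EOF
}

# Report the state of each sample account.
for a in postgres pgdemo_empty pgdemo_pw; do
    printf '%s: %s\n' "$a" "$(sample_shadow | shadow_state "$a")"
done
```

A result of `locked` matches the situation described in the thread, where the account is entered with `su` from root or with `sudo -u postgres`; `empty` is the state to treat as a finding.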
