Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

From: "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"
Date: 2022-11-03 23:01:02
Message-ID: 20221103230102.zytxxxwl5lgr5xnv@hjp.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 2022-11-03 15:37:07 -0700, Adrian Klaver wrote:
> On 11/3/22 14:49, Bryn Llewellyn wrote:
> > So only "postgres" can edit the files that must be so edited.
>
> That is not true:
>
> aklaver(at)arkansas:~$ whoami
> aklaver
>
>
> aklaver(at)arkansas:~$ sudo vi /etc/postgresql/14/main/pg_hba.conf
> [sudo] password for aklaver:
>
> which opens pg_hba.conf for editing.

Well, yes. Root can edit the file, too. But root can edit anything[1].

hp

[1] Except ... lots of stuff, actually.

--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp(at)hjp(dot)at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Ron 2022-11-04 01:46:48 Re: shutdown Postgres (standby) host causing timeout on other servers in replication
Previous Message Tom Lane 2022-11-03 22:49:40 Re: shutdown Postgres (standby) host causing timeout on other servers in replication