From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Melvyn Sopacua <mdev(at)idg(dot)nl> |
Cc: | PostgreSQL Adminlist <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Postgres and chroot |
Date: | 2001-05-27 17:04:26 |
Message-ID: | 27237.990983066@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Melvyn Sopacua <mdev(at)idg(dot)nl> writes:
> 1) Postgres requires me to have 'su' in the chrooted env
Postgres itself doesn't use su. Surely you can figure out a way to
run a program as non-root inside the chroot area (login, maybe)?
There's nothing that says you have to use that particular start script.
> 2) Postgres makes a shell call to the 'cp' command when creating new databases.
Yup. Live with it, or reimplement recursive cp in CREATE DATABASE.
Don't forget 'rm' too for DROP DATABASE. I don't really see the point
though; why shouldn't cp/rm be available inside the chroot playpen?
> -- Does anybody run PostgreSQL chrooted and so, how?
I'm pretty sure uunet is running multiple Postgreses chrooted to
different places on the same system.
However, I wonder if you aren't adopting a MySQL-driven worldview
in assuming that you need to do this in the first place. Since Postgres
doesn't run as root, and doesn't expose any filesystem access capability
to non-superusers, the need to put it in a chroot playpen seems much
less to me.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | armelle clech | 2001-05-28 09:03:48 | psql runtime error on Windows 2000 |
Previous Message | Melvyn Sopacua | 2001-05-27 16:14:08 | Postgres and chroot |