| From: | "Dan Langille" <dan(at)langille(dot)org> |
|---|---|
| To: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: What goes into the security doc? |
| Date: | 2003-01-24 15:00:52 |
| Message-ID: | 3E310ED4.2715.5D39B3DB@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
On 22 Jan 2003 at 13:29, Christopher Kings-Lynne wrote:
> Recommend always running "initdb -W" and setting all pg_hba entries to md5.
Thanks. I also encountered this item on IRC:
[09:26] <fede2> Guys, is there a problem with using /bin/true of
/bin/false as the shell of the postgres user? The docs only says
"adduser postgres" , witch will give postgres a nice shell.
[09:27] <fede2> I'm asking because the guys from Gentoo (thats a
distro FWIW), want to use either /bin/false of /bin/true as postgres'
shell.
[09:27] <dvl> fede2: it means you won't be able to become the
postgres user to run commands.
[09:27] <mmc_> ... to run SHELL commands.
[09:29] <fede2> dvl: Aldo it's not the same, one could use "su -c foo
postgres" to workarround it.
[09:30] <fede2> dvl: I was wondering if it had an even heavier
reason, besides that.
[09:34] <mmc_> fede2: tha manpage of su says, that -c args is treated
by the login shell !
[09:35] <fede2> mmc_: Hmm.. true. That makes it a heavy enough
reason. Thanks.
[09:35] * fede2 departs
--
Dan Langille : http://www.langille.org/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2003-01-24 15:36:43 | Re: What goes into the security doc? |
| Previous Message | Oliver Elphick | 2003-01-24 11:34:38 | Re: Patch for minor error |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-01-24 15:22:16 | Re: Odd subselect in target list behavior WRT aggregates |
| Previous Message | John Liu | 2003-01-24 14:32:13 | poor performance of subquery in psql |