Re: Installing PostgreSQL as "postgress" versus "root" Debate!

From: Gémes Géza <geza(at)kzsdabas(dot)sulinet(dot)hu>
To: "Goulet, Dick" <DGoulet(at)vicr(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, "Tomeh, Husam" <htomeh(at)firstam(dot)com>, PgSQL ADMIN <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Installing PostgreSQL as "postgress" versus "root" Debate!
Date: 2005-01-13 11:39:00
Message-ID: 41E65DD4.6020201@kzsdabas.sulinet.hu
Lists: pgsql-admin

Goulet, Dick wrote:

>Peter,
>
> You may well be on the development team, but you are wrong for
>one very important reason. If the Postgresql executables are owned by
>root they execute with the privileges of root. Thereby any local
>created extensions like database_size also execute with the privileges
>of root. Wouldn't it be wonderful if some disgruntled person or a
>hacker wrote & installed a package that did an rm -fr /?? Install
>Postgres in its own account where its privileges to destroy the
>server are restricted. Anything else is begging for trouble.
>
>
>Dick Goulet
>Senior Oracle DBA
>Oracle Certified 8i DBA
>-----Original Message-----
>From: Peter Eisentraut [mailto:peter_e(at)gmx(dot)net]
>Sent: Wednesday, January 12, 2005 7:01 PM
>To: Tomeh, Husam
>Cc: PgSQL ADMIN
>Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
>Debate!
>
>Tomeh, Husam wrote:
>
>
>>I've seen a book that prefers installing PostgreSQL as root and another
>>one recommends otherwise by first creating a postgres account and
>>then installing it as postgres. In the Oracle world, you don't use
>>root to install the software. What is the best practice as far as
>>PostgreSQL goes?
>>
>>
>
>The current recommendation, which is reflected in the installation
>instructions, is to install the software as root and to use the
>postgres user for the database files. The advice seen elsewhere in
>this thread to use the postgres user also for the software files is
>wrong.
>
>
>
Sorry, but under the UNIX security model each process (except special
seteuid and setruid calls) gets loaded with the privileges of the
process which loaded it. Just try executing postmaster as an ordinary
user, you will see that it won't be able to access its data files.

Cheers

Geza
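
The ownership question debated in this thread, as an added example that is not part of the original messages: it models which effective UID a process gets after exec (the caller's, unless the file has the set-user-ID bit) and audits an install layout where software is root-owned and data belongs to the service account. The UID 26, the paths, and the `ext.so` and `helper` files are constructed assumptions.

```python
import stat
from types import SimpleNamespace

ROOT_UID = 0

def euid_after_exec(st, caller_euid):
    """Effective UID after exec: the caller's, unless the file is set-user-ID."""
    return st.st_uid if st.st_mode & stat.S_ISUID else caller_euid

def audit(entries, service_uid):
    """Check (path, stat, kind) triples; kind is 'software' or 'data'."""
    findings = []
    for path, st, kind in entries:
        mode = stat.S_IMODE(st.st_mode)
        if kind == "software":
            # File ownership changes process privileges only via set-user-ID.
            if euid_after_exec(st, service_uid) != service_uid:
                findings.append((path, "set-user-ID: runs as file owner, not the caller"))
            # Software the service account can rewrite can be swapped after a compromise.
            if st.st_uid == service_uid or mode & 0o022:
                findings.append((path, "replaceable by the service account or other users"))
        elif kind == "data":
            if st.st_uid != service_uid:
                findings.append((path, "not owned by the service account"))
            if mode & 0o027:
                findings.append((path, "accessible beyond the service account"))
    return findings

def fake_stat(uid, mode):
    """Constructed stat record so the example runs without root."""
    return SimpleNamespace(st_uid=uid, st_mode=mode)

# Constructed layout; UID 26 and every path below are illustrative assumptions.
PG_UID = 26
SAMPLE = [
    ("/usr/local/pgsql/bin/postmaster", fake_stat(ROOT_UID, stat.S_IFREG | 0o755), "software"),
    ("/usr/local/pgsql/lib/ext.so", fake_stat(PG_UID, stat.S_IFREG | 0o755), "software"),
    ("/usr/local/pgsql/bin/helper", fake_stat(ROOT_UID, stat.S_IFREG | 0o4755), "software"),
    ("/usr/local/pgsql/data", fake_stat(PG_UID, stat.S_IFDIR | 0o700), "data"),
]

if __name__ == "__main__":
    # For a real tree, pass (path, os.stat(path), kind) triples instead of SAMPLE.
    for path, problem in audit(SAMPLE, PG_UID):
        print(f"{path}: {problem}")
```
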
