On 4/2/15 3:26 PM, Devrim Gündüz wrote:
> On Mon, 2015-03-30 at 11:30 -0400, Peter Eisentraut wrote:
>> In 16e435b586c6f27abc9ab9676a9448b897e582aa, the ownership of
>> /etc/pgbouncer was changed from root:root to pgbouncer:pgbouncer.
>> That seems like a mistake to me. What was the reason for this change?
>
> Jess' idea was being able to edit the config file with pgbouncer user.
> Why do you think that is a bad idea?
Because when a daemon runs as a separate user, I want it to have as
little access as possible.
The reason you give (or were given) is an arbitrary local decision and
should not be global policy. (sudo is a better tool for that anyway.)