Re: heads up -- subtle change of behavior of new initdb

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Greg Stark <gsstark(at)mit(dot)edu>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: heads up -- subtle change of behavior of new initdb
Date: 2003-11-14 16:10:32
Message-ID: 871xsbnd6v.fsf@stark.dyndns.tv
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:

> Greg Stark writes:
>
> > Wouldn't at least 0750 be safe? That way putting a user in the postgres group
> > would grant him access to be able to browse around and read the files in
> > pg_data.
>
> That assumes that there is a restricted postgres group, which is not
> guaranteed.

Well the current setup assumes the admin hasn't leaked the root password too.

I'm not suggesting making that the default setup, just loosening the paranoia
check so that if an admin sets the directory to be group readable the database
doesn't refuse to start up.

--
greg

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2003-11-14 16:38:20 Re: ALTER TABLE modifications
Previous Message Robert Treat 2003-11-14 16:06:59 Re: cvs head? initdb?

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2003-11-14 16:38:20 Re: ALTER TABLE modifications
Previous Message Dave Cramer 2003-11-14 15:59:31 Re: ALTER TABLE modifications