Re: Required permissions for data directory

From: Greg Stark <gsstark(at)mit(dot)edu>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Required permissions for data directory
Date: 2004-10-12 21:18:20
Message-ID: 87r7o3zlcz.fsf@stark.xeocode.com
Lists: pgsql-hackers


"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:

> However, it is also true that by having the ability to give say a tier2 the
> ability to edit the postgresql.conf without the ability to log in as postgres
> or root, then that user cannot stop/start the database, or have root access.
> They can, however, allow another IP, user, or network access.

What about in my case, where it's not that I don't have permission to log in as
postgres, it's just that I consider it a pain. It means I can't open files in
my own editor and other tools easily; I have to start up a separate login and
use separate tools.

Or sites where, as a matter of policy, DBAs and system administrators are
supposed to use their own accounts, not because they couldn't break into the
systems if they chose to, but because it's just better policy.

In general, the more often people have to authenticate as root (or postgres in
this case), the more easily it can be compromised, and the less useful audit
records are. ("hm, was this root login a compromise, or was it just the 69th
normal root login that day?")

I can understand checking for "anyone" privilege on the basis that that would
never make sense. But checking for "group" access always struck me as dumb. It
assumes the sysadmin is shooting himself in the foot just because he might be.

--
greg
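As an added example (not from the thread and not PostgreSQL's own code), the following Python contrasts the two data-directory checks the message distinguishes: rejecting only "anyone" (other) access versus also rejecting "group" access. It runs against constructed temporary directories with explicit modes; the strict/relaxed split is an assumption made for illustration.

```python
import os
import stat
import tempfile

# Assumption: the strict check rejects any group or "anyone" (other) bit on
# the data directory; this mirrors the behaviour discussed in the thread,
# not PostgreSQL's own source.
GROUP_BITS = stat.S_IRWXG
OTHER_BITS = stat.S_IRWXO


def classify_data_dir(path):
    """Return 'world', 'group' or 'ok' for the directory at path."""
    mode = os.stat(path).st_mode
    if mode & OTHER_BITS:
        return "world"   # "anyone" access: never sensible for a data dir
    if mode & GROUP_BITS:
        return "group"   # the case Greg argues should be permitted
    return "ok"          # owner-only, what the strict check demands


def passes_check(path, allow_group=False):
    """True if the directory passes the startup check.

    allow_group=False is the strict check (group access rejected);
    allow_group=True rejects only "anyone" access (the relaxed rule).
    """
    verdict = classify_data_dir(path)
    if verdict == "world":
        return False
    if verdict == "group":
        return allow_group
    return True


def demo():
    """Classify three constructed directories with explicit modes."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("owner", 0o700), ("dba_group", 0o770), ("open", 0o777)):
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, mode)  # chmod is not subject to the umask
            results[name] = (classify_data_dir(d),
                             passes_check(d),
                             passes_check(d, allow_group=True))
    return results
```

Calling demo() returns, for each constructed directory, its classification and whether it passes the strict and the relaxed check; only the group-accessible directory differs between the two policies.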
