The Hermit Hacker <scrappy@hub.org> writes:
> is there any reason why we can't make the permissions on pg_hba.conf 600
> vs 400? the data directory itself is only readable by the 'superuser'...

I think the motivation may have been to prevent an attacker who manages
to connect as superuser from overwriting the pg_hba.conf file with
something more liberal (using backend-side COPY). However, if he's
already managed to connect as superuser, it's difficult to see what
he needs more-liberal connection privileges for.

600 does seem a lot more convenient for the admin. 400 might save
the admin from some simple kinds of human error --- but not if he's
already in the habit of overriding the protection whenever he updates
the file.

In short, I agree. Does anyone else see any real security gain from
making it 400?

regards, tom lane