Re: Thoughts on the location of configuration files

> How many people really use unix socket permissions in postgresql.conf?
> Probably very few.  We could announce when it goes away, and even throw
> an error if it appears in postgresql.conf.  Seems that would clear it up
> and make the feature much more usable.
> 
> Security is very easy to mess up.  That's why I think clarity is
> important.  If we are going to change the default socket permissions to
> 700, that clearly would be a good time to make the change, no?

Now that I look at postgresql.conf, I do see lots of connection-related
stuff:##       Connection Parameters##tcpip_socket = false#ssl = false#max_connections = 32#port = 5432
#hostname_lookup= false#show_source_port = false#unix_socket_directory = ''#unix_socket_group =
''#unix_socket_permissions= 0777#virtual_host = ''#krb_server_keyfile = ''
 

I guess my problem is that we will have 'trust' in pg_hba.conf, but then
override that in postgresql.conf by restricting permissions to one user.
That seems kind of strange.  We may have to change pg_hba.conf 'trust'
anyway to something like 'socketpermit', or remove the permission
setting in postgresql.conf and add the two new ones I suggested,
singleuser, and singlegroup.

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026