Re: Installing PostgreSQL as "postgress" versus "root" Debate!
| От | Bruce Momjian |
|---|---|
| Тема | Re: Installing PostgreSQL as "postgress" versus "root" Debate! |
| Дата | |
| Msg-id | 200501130423.j0D4NGS24105@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: Installing PostgreSQL as "postgress" versus "root" Debate! ("Goulet, Dick" <DGoulet@vicr.com>) |
| Список | pgsql-admin |
Goulet, Dick wrote: > Peter, > > You may well be on the development team, but you are wrong for > one very important reason. If the Postgresql executables are owned by > root they execute with the priviledges of root. Thereby any local What? They are not setuid? --------------------------------------------------------------------------- > created extensions like database_size also execute with the priviledges > of root. Wouldn't it be wonderful if some disgruntled person or a > hacker wrote & installed a package that did an rm -fr /?? Install > Postgres in it's own account where it's priviledges to destroy the > server are restricted. Anything else is begging for trouble. > > > Dick Goulet > Senior Oracle DBA > Oracle Certified 8i DBA > -----Original Message----- > From: Peter Eisentraut [mailto:peter_e@gmx.net] > Sent: Wednesday, January 12, 2005 7:01 PM > To: Tomeh, Husam > Cc: PgSQL ADMIN > Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root" > Debate! > > Tomeh, Husam wrote: > > I've seen book that prefer installing PostgreSQL as root and another > > one recommends otherwise by first creating a postgres account and > > then installing it as postgres. In the Oracle world, you don't use > > root to install the software. What is the best practice as far as > > PostgreSQL goes? > > The current recommendation, which is reflected in the installation > instructions, is to install the software as root and to use the > postgres user for the database files. The advice seen elsewhere in > this thread to use the postgres user also for the software files is > wrong. > > -- > Peter Eisentraut > http://developer.postgresql.org/~petere/ > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
В списке pgsql-admin по дате отправления: