Re: We should Axe /contrib/start-scripts
| От | Tom Lane |
|---|---|
| Тема | Re: We should Axe /contrib/start-scripts |
| Дата | |
| Msg-id | 2325.1251232860@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: We should Axe /contrib/start-scripts ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>) |
| Ответы |
Re: We should Axe /contrib/start-scripts
|
| Список | pgsql-hackers |
"Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
> You're thinking that pg_ctl would capture it's parent PID and pass it
> to the postmaster one way or the other? That seems like it covers the
> specific issue you were referencing up-thread. It has been bubbling
> around in my head that we have other processes which run under the
> same user ID for such things as vacuum and purge scripts, as well as
> rsync of backup files. These would still create some risk of a false
> match, right? Just a much smaller risk?
Only if they are running at times when your postmaster(s) aren't ...
realistically, unless you launch them from initscripts that start before
your postmasters launch, I don't think there's going to be a problem.
Still, just from a security point of view, it might be better if those
don't run as the postgres operating-system user. Not sure if that's
workable for rsync (since it has to be able to read the postgres files)
but stuff like vacuum scripts could surely be run from a different
userid.
regards, tom lane
В списке pgsql-hackers по дате отправления: