Re: [INTERFACES] pg_pwd

"Sergio A. Kessler" <ser@perio.unlp.edu.ar> writes:
> what is the funcionality of the file pg_pwd in $PG_DATA ?
> (no, there is _nothing_ in the docs)

That's cause you don't need to know ;-)

Seriously, it's a flat-file copy of pg_shadow, used by the postmaster
to do password verification.  (The postmaster can't look directly at
pg_shadow because it cannot participate in database operations.)
See doc/TODO.detail/pg_shadow.

> and why is world =writable & readable= ?
> (hey, everybody, wanna know my passwd ?)

It's not really a security hole because it lives inside a directory
that's mode 700 (unless you tampered with the default permissions
setup).  However, I agree it oughta be changed anyway.

The real issue here is that backend-side COPY writes files with mode
666, which seems a strange and dangerous choice to me.  But someone once
thought it was a good idea, because COPY goes out of its way to make
that happen.  Does anyone have a clue why?
        regards, tom lane