Re: Installing PostgreSQL as "postgress" versus "root" Debate!

Well, thanks for the leeway, but getting one's nose rubbed in things for
good and bad comes with the turf.  If there's one thing I've learned
about software over the years it's that there are many ways to skin the
same cat, just some are less painful than others.

Anyway, to the discussion: Commercial software, not just databases and
outside of MicroSludge, always want to be installed in their own user
accounts.  PostGreSql does not recommend the same since it recommends
being installed by root.  This sets off auditors and sysadmins,
especially those with little open source experience.   Management is not
too happy about it as well, nor are security folks.  It's a simple
matter if you don't have to access root owned software, other than
operating system installed, then "things must be safer".  I'll admit to
being part of that culture and having a bias.  I like having root
restricted, including making it impossible to login to root except
through the system console or via su.  Means that to break in from
outside you've got to break two accounts, not one.  That leads it self
to Postgres install as well.  I as the DBA should be able to install,
upgrade, etc the software without access to the root account.  Simply
put the fewer people who know the root password the fewer who can
destroy the system and the fewer who have to be told when the password
changes.  And the fewer people who know anything, the more secure it is.


Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-----Original Message-----
From: Dick Davies [mailto:rasputnik@hellooperator.net]
Sent: Thursday, January 13, 2005 7:21 AM
To: PostgreSQL Admin
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!

* Dawid Kuroczko <qnex42@gmail.com> [0117 12:17]:
> On Wed, 12 Jan 2005 20:52:16 -0800, Joshua D. Drake
> <jd@commandprompt.com> wrote:
> > >Whatever, I'll keep root only for absolutely restricted use &
install
> > >under a separate user account.  Works just fine & it makes the
auditors
> > >& sysadmin feel better.
> > I don't argue the point of using root. I agree with you there.
> > Just the point that if it is owned by root it executes as root.
>
> But only if either setuid root or executed by root.  Hey, on my
> system even /bin/sh is owned by root; it would be funny of it
> executed as root

C'mon folks, the guy obviously made a booboo - no need to rub his
nose in it...

--
'Bender, Ship, stop arguing or I'll come back there and change
your opinions manually.'
        -- Leela
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

               http://archives.postgresql.org