Re: Installing PostgreSQL as "postgress" versus "root" Debate!
| От | Goulet, Dick |
|---|---|
| Тема | Re: Installing PostgreSQL as "postgress" versus "root" Debate! |
| Дата | |
| Msg-id | 4001DEAF7DF9BD498B58B45051FBEA650207ABAA@25exch1.vicorpower.vicr.com обсуждение исходный текст |
| Ответ на | Installing PostgreSQL as "postgress" versus "root" Debate! ("Tomeh, Husam" <htomeh@firstam.com>) |
| Список | pgsql-admin |
Well, someone I can wholeheartedly agree with. So it really does not matter who owns the binaries. Once the right account gets hacked your had. If they hack root your dead, if they hack postgres the database is had although the server may survive. In either case the state of your backups is your saving grace or doom. Dick Goulet Senior Oracle DBA Oracle Certified 8i DBA -----Original Message----- From: Uwe C. Schroeder [mailto:uwe@oss4u.com] Sent: Thursday, January 13, 2005 4:14 PM To: PostgreSQL Admin Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root" Debate! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 13 January 2005 10:52 am, Goulet, Dick wrote: > Doug, > > OK, Assume that the binaries are installed under root, but a > hacker cracks PostGres, what is to stop him/her from trashing all of the > database files in the first place? Their not owned by root. Installing > malware, whether it's actual code or destroying/defacing files causes > similar if not identical problems. At least their restricted to the > postgres user. And in my book the executables are of zero value whereas > the data files, and their contained data, are of infinite value. So > under your scheme we're protecting the least valuable part of the > system at the expense of the most valuable. So where is the difference? If all executables AND the data is under the postgres account - an intruder hacking the postgres account would still be able to destroy your data. BTW: most commercial software needs root access to be installed - and be it just to create the user accounts. It doesn't really matter who owns the executables - if the account owning the files is hacked you're screwed anyways. When it comes to protecting the data which is the most important thing after all, replication and backup are your friends. For my larger customers I'm running replication to two offsite servers (one east-coast, one texas, just to make sure they're fine when the next earthquake hits) and I do backups every 8 hours - which are written to a tape and distributed to another set of offsite servers using rdist. So whatever happens the max they could ever possibly lose is 8 hours, except there is a full blown nuclear attack on the whole US - in which case nobody would care about the data anyways.
В списке pgsql-admin по дате отправления: