Re: Required permissions for data directory

"Joshua D. Drake" <jd@commandprompt.com> writes:
> For 8.0 are we going to allow group modifications to the data 
> directories for PostgreSQL? It is kind of silly that it must be 700.

Not in the least.  There are many systems where users by default
are all in a "users" group, and so 770 isn't much safer than 777.

> I think we should allow at least 770. This allows you to have 
> administrators with postgresql.conf editing rights without giving
> them the ability to su to postgresql.

Being able to edit postgresql.conf gives one the ability to become
postgres (hint: you can cause the backend to load a shlib of your
choosing, or even more trivially, adjust pg_hba.conf to let you in
as superuser), so the above distinction is unenforceable.

In short: no way.
        regards, tom lane