RE: Restricting permissions on Unix socket
| От | Jones, Colin |
|---|---|
| Тема | RE: Restricting permissions on Unix socket |
| Дата | |
| Msg-id | 67D56677795DB34482C0DBCF1AD5EC42392067@xchange-dal.rightnowtech.com обсуждение исходный текст |
| Ответ на | Restricting permissions on Unix socket (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
<p><font size="2">Please take me off this list! I have received over 50 emails in the last 24 hours and I have no idea whyI am getting them. Please look for email address cjones@rightnotech.com or cjones@rightnow.com and take it out! Thanks!</font><br/><br /><p><font size="2">-----Original Message-----</font><br /><font size="2">From: Robert Kernell [<ahref="mailto:kernell@sundog.larc.nasa.gov">mailto:kernell@sundog.larc.nasa.gov</a>]</font><br /><font size="2">Sent: Tuesday,October 31, 2000 3:36 PM</font><br /><font size="2">To: pgsql-hackers@postgresql.org</font><br /><font size="2">Subject:Re: [HACKERS] Restricting permissions on Unix socket</font><br /><br /><p><font size="2">> I'd like toadd an option or two to restrict the set of users that can</font><br /><font size="2">> connect to the Unix domain socketof the postmaster, as an extra security</font><br /><font size="2">> option.</font><br /><font size="2">> </font><br/><font size="2">> I imagine something like this:</font><br /><font size="2">> </font><br /><font size="2">>unix_socket_perm = 0660</font><br /><font size="2">> unix_socket_group = pgusers</font><br /><font size="2">></font><br /><font size="2">> Obviously, permissions that don't have 6's in there don't make much sense,</font><br/><font size="2">> but I feel this notation is the most intuitive way for admins.</font><br /><font size="2">></font><br /><font size="2">> I'm not sure how to do the group thing, though. If I use chown(2) then</font><br/><font size="2">> there's a race condition, but doing savegid; create socket; restoregid</font><br /><fontsize="2">> might be too awkward? Any hints?</font><br /><font size="2">> </font><p><font size="2">Just curious.What is a race condition? </font><p><font size="2">Bob Kernell</font><br /><font size="2">Research Scientist</font><br/><font size="2">Surface Validation Group</font><br /><font size="2">Atmospheric Sciences Competency</font><br/><font size="2">Analytical Services & Materials, Inc.</font><br /><font size="2">email: kernell@sundog.larc.nasa.gov</font><br/><font size="2">tel: 757-827-4631</font>
В списке pgsql-hackers по дате отправления: