Re: Installing PostgreSQL as "postgress" versus "root" Debate!

In article <4001DEAF7DF9BD498B58B45051FBEA650207ABAA@25exch1.vicorpower.vicr.com>,
Goulet, Dick <DGoulet@vicr.com> wrote:
> Well, someone I can wholeheartedly agree with.  So it really does not
>matter who owns the binaries.  Once the right account gets hacked your
>had.  If they hack root your dead, if they hack postgres the database is
>had although the server may survive.  In either case the state of your
>backups is your saving grace or doom.

No, it's easier to hack postgres, as the database is running
as the postgres user. If you allow something like PgPerl, it's
even trivial. The PgPerl script runs as user postgres, and can
trojan e.g. the psql executable. The next time someone (perhaps
even root ... ) runs psql, they're 0wned.

Now it's not that bad an idea to install postgres as a non-root
user .. but use a DIFFERENT account to actually start and run
postgres. That way your binaries are protected.

E.g. install postgres as user 'pgbin', so that all binaries are
owned by 'pgbin', then run it as user 'postgres'.

Mike.