Re: Configurable path to look up dynamic libraries
| От | teg@redhat.com (Trond Eivind Glomsrød) |
|---|---|
| Тема | Re: Configurable path to look up dynamic libraries |
| Дата | |
| Msg-id | xuyu22mo0nf.fsf@halden.devel.redhat.com обсуждение исходный текст |
| Ответ на | Re: Configurable path to look up dynamic libraries (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Tom Lane <tgl@sss.pgh.pa.us> writes: > teg@redhat.com (Trond Eivind Glomsrød) writes: > >> There is a security issue here: stuff stored in datadir is not visible > >> to random other users on the machine (since datadir is mode 700), but > >> I would not expect sysconfdir to be mode 700. > > > It could be (the RPMs specify a sysconfdir of /etc/pgsql) > > The usual install procedure would probably leave sysconfdir owned by > root, if one likes to install in such a way that the binaries are owned > by root (ie make, su root, make install). I'd object to a setup that's > insecure for people who aren't using RPMs. So make the files unreadable, if so required. > The real bottom line here, though, is that you haven't shown me any > positive reason to move the config files out of datadir. It conflicts with the FHS - and no, I don't consider configuration files and data as an identical item. -- Trond Eivind Glomsrød Red Hat, Inc.
В списке pgsql-hackers по дате отправления: