> No. Make /var/run writable by some group (e.g., group pidlog) and put
> postgres (and other things like root or daemon or ..., whatever needs
> to log pid files) in that group.
We can't expect the user to be able to change /var/run permissions.
Must be in pgsql/ or /tmp.
No, "normal" users shouldn't be allowed to do so, obviously. But, are
there real systems in which a database maintainer (i.e., user
postgres) cannot cooperate with the system admin (i.e., user root) to
accomplish this? In practice, is it really envisioned that postgres
should be _so_ distinct from the system? For example, don't most
people run the postmaster from the system startup scripts, and isn't
that the same thing? How did those commands get inserted into the
startup scripts if not by root?
Cheers,
Brook