> How many people really use unix socket permissions in postgresql.conf?
> Probably very few. We could announce when it goes away, and even throw
> an error if it appears in postgresql.conf. Seems that would clear it up
> and make the feature much more usable.
>
> Security is very easy to mess up. That's why I think clarity is
> important. If we are going to change the default socket permissions to
> 700, that clearly would be a good time to make the change, no?
Now that I look at postgresql.conf, I do see lots of connection-related
stuff:## Connection Parameters##tcpip_socket = false#ssl = false#max_connections = 32#port = 5432
#hostname_lookup= false#show_source_port = false#unix_socket_directory = ''#unix_socket_group =
''#unix_socket_permissions= 0777#virtual_host = ''#krb_server_keyfile = ''
I guess my problem is that we will have 'trust' in pg_hba.conf, but then
override that in postgresql.conf by restricting permissions to one user.
That seems kind of strange. We may have to change pg_hba.conf 'trust'
anyway to something like 'socketpermit', or remove the permission
setting in postgresql.conf and add the two new ones I suggested,
singleuser, and singlegroup.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026