On Tue, Dec 03, 2002 at 07:57:01PM +0530, Shridhar Daithankar wrote:
> On 3 Dec 2002 at 8:09, Chris Boget wrote:
> > Perfectly valid point.
> > However, when I need to do maintenence, I can simply go in and change the
> > shell then change it back. That's very different from giving user postgres a
> > permanent shell. And as I'd be rebooting (only because I'm still learning and not
> > because there might be problems with the system) more often than I'd be doing
> > maintenence on PG, I need to be able to get PG to start up during boot.
> > Perhaps I'm being overly paranoid but I've already been hacked once due to lax
> > security. I'm just trying to cover all of my bases.
>
> To me it looks like,
>
> 1) You are the sole console user
> 2) Your machine is on internet.
>
> In that case a shell for postgresql user is not much a threat since you alone
> will be having it's password. May be do not enable postgresql on network etc..
Umm, the postgres user having a shell is orthoganal to being able to login
as postgres. Most of my setups have a shell for the postgres user but the
password is disabled. Hence, you can su from root but no other way.
Anyway, you can always use the -s option of su to override the shell for a
one off.
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Support bacteria! They're the only culture some people have.