Re: [ADMIN] postgresql in FreeBSD jails: proposal
| От | Stephen Frost |
|---|---|
| Тема | Re: [ADMIN] postgresql in FreeBSD jails: proposal |
| Дата | |
| Msg-id | 20080117143729.GR5031@tamriel.snowman.net обсуждение |
| Ответ на | Re: [ADMIN] postgresql in FreeBSD jails: proposal (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: [ADMIN] postgresql in FreeBSD jails: proposal
|
| Список | pgsql-hackers |
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> "Marc G. Fournier" <scrappy@hub.org> writes:
> > Easiest fix: change the UID of the user running the postmaster (ie. pgsql) so
> > that each runs as a distinct UID (instead of distinct PGPORT) ... been doing
> > this since moving to FreeBSD 6.x ... no patches required ...
>
> Sure, but in the spirit of "belt and suspenders too", I'd think that
> doing that *and* something like Mischa's proposal wouldn't be bad.
I agree that we should try to be careful about stepping on segments that
might still be in use, but I would also discourage jail users from using
the same uid for multiple PG clusters since the jail doesn't protect the
shmem segment. We use seperate uids even w/ linux-vservers where shmem
and everything *is* seperate, following the same 'belt and suspenders
too' spirit for security.
Thanks,
Stephen
В списке pgsql-hackers по дате отправления: