Re: Postgres user with a shell of /bin/false

Поиск
Список
Период
Сортировка
От Peter Eisentraut
Тема Re: Postgres user with a shell of /bin/false
Дата
Msg-id 200905221649.05873.peter_e@gmx.net
обсуждение исходный текст
Ответ на Postgres user with a shell of /bin/false  (Cliff Pratt <enkiduonthenet@gmail.com>)
Ответы Re: Postgres user with a shell of /bin/false  (Scott Mead <scott.lists@enterprisedb.com>)
Список pgsql-admin
On Friday 22 May 2009 06:51:42 Cliff Pratt wrote:
> I've browsed my history of the list, and the Internet for information
> regarding giving the unix 'postgres' user a shell of /bin/false, so
> that it cannot be logged into directly. It seems from my research that
> if I set the user's shell to /bin/false it will not prevent the
> running of postgres itself.

I think it could work, but I don't think it is to be recommended.  Sometimes
you want to log in as that user to be able to do certain types of special
administration or fixes.  For example, if you ever need to run pg_resetxlog,
you probably want to be logged in as postgres, unless you are very confident
that your su or sudo invocations are correct and don't mess up the permissions
of the database directory in strange ways.

Maybe disabling the password of the account and allowing login only via sudo
is close to what you want, but ends up being more flexible.

В списке pgsql-admin по дате отправления:

Предыдущее
От: Cliff Pratt
Дата:
Сообщение: Postgres user with a shell of /bin/false
Следующее
От: Scott Mead
Дата:
Сообщение: Re: Postgres user with a shell of /bin/false