Holger Klawitter <lists@klawitter.de> writes:
> As postgres (the user under with the process is actually running) cannot
> obtain a shell, I need group access to the data directory in order to
> configure postgres.
> [ so relax permissions on $PGDATA ]
Why is it more secure to relax permissions on $PGDATA than to undo your
choice not to have a login shell for postgres?
In very many environments, 0770 protection would be a disaster. I do
not think it is a good idea to allow that permission to be set, not
even configurably.
regards, tom lane