Re: Required permissions for data directory
| От | Tom Lane |
|---|---|
| Тема | Re: Required permissions for data directory |
| Дата | |
| Msg-id | 5560.1097608182@sss.pgh.pa.us обсуждение |
| Ответ на | Required permissions for data directory ("Joshua D. Drake" <jd@commandprompt.com>) |
| Ответы |
Re: Required permissions for data directory
Re: Required permissions for data directory |
| Список | pgsql-hackers |
"Joshua D. Drake" <jd@commandprompt.com> writes:
> For 8.0 are we going to allow group modifications to the data
> directories for PostgreSQL? It is kind of silly that it must be 700.
Not in the least. There are many systems where users by default
are all in a "users" group, and so 770 isn't much safer than 777.
> I think we should allow at least 770. This allows you to have
> administrators with postgresql.conf editing rights without giving
> them the ability to su to postgresql.
Being able to edit postgresql.conf gives one the ability to become
postgres (hint: you can cause the backend to load a shlib of your
choosing, or even more trivially, adjust pg_hba.conf to let you in
as superuser), so the above distinction is unenforceable.
In short: no way.
regards, tom lane
В списке pgsql-hackers по дате отправления: