RE: Restricting permissions on Unix socket

Поиск
Список
Период
Сортировка
От Jones, Colin
Тема RE: Restricting permissions on Unix socket
Дата
Msg-id 67D56677795DB34482C0DBCF1AD5EC42392067@xchange-dal.rightnowtech.com
обсуждение исходный текст
Ответ на Restricting permissions on Unix socket  (Peter Eisentraut <peter_e@gmx.net>)
Список pgsql-hackers
Дерево обсуждения 
<p><font size="2">Please take me off this list!  I have received over 50 emails in the last 24 hours and I have no idea
whyI am getting them.  Please look for email address cjones@rightnotech.com or cjones@rightnow.com and take it out! 
Thanks!</font><br/><br /><p><font size="2">-----Original Message-----</font><br /><font size="2">From: Robert Kernell
[<ahref="mailto:kernell@sundog.larc.nasa.gov">mailto:kernell@sundog.larc.nasa.gov</a>]</font><br /><font size="2">Sent:
Tuesday,October 31, 2000 3:36 PM</font><br /><font size="2">To: pgsql-hackers@postgresql.org</font><br /><font
size="2">Subject:Re: [HACKERS] Restricting permissions on Unix socket</font><br /><br /><p><font size="2">> I'd like
toadd an option or two to restrict the set of users that can</font><br /><font size="2">> connect to the Unix domain
socketof the postmaster, as an extra security</font><br /><font size="2">> option.</font><br /><font size="2">>
</font><br/><font size="2">> I imagine something like this:</font><br /><font size="2">> </font><br /><font
size="2">>unix_socket_perm = 0660</font><br /><font size="2">> unix_socket_group = pgusers</font><br /><font
size="2">></font><br /><font size="2">> Obviously, permissions that don't have 6's in there don't make much
sense,</font><br/><font size="2">> but I feel this notation is the most intuitive way for admins.</font><br /><font
size="2">></font><br /><font size="2">> I'm not sure how to do the group thing, though.  If I use chown(2)
then</font><br/><font size="2">> there's a race condition, but doing savegid; create socket; restoregid</font><br
/><fontsize="2">> might be too awkward?  Any hints?</font><br /><font size="2">> </font><p><font size="2">Just
curious.What is a race condition? </font><p><font size="2">Bob Kernell</font><br /><font size="2">Research
Scientist</font><br/><font size="2">Surface Validation Group</font><br /><font size="2">Atmospheric Sciences
Competency</font><br/><font size="2">Analytical Services & Materials, Inc.</font><br /><font size="2">email:
kernell@sundog.larc.nasa.gov</font><br/><font size="2">tel: 757-827-4631</font>

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Robert Kernell
Дата:
Сообщение: Re: Restricting permissions on Unix socket
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: WAL status update