Обсуждение: Re: Installing PostgreSQL as "postgress" versus "root"

So does that mean there's no security issue using the root account to
install postrgeSQL as the first book indicated? Thanks.

--
Husam


-----Original Message-----
From: Joshua D. Drake [mailto:jd@commandprompt.com]
Sent: Wednesday, January 12, 2005 8:52 PM
To: Goulet, Dick
Cc: Stephan Szabo; Peter Eisentraut; Tomeh, Husam; PgSQL ADMIN
Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
Debate!

Goulet, Dick wrote:

>Whatever, I'll keep root only for absolutely restricted use & install
>under a separate user account.  Works just fine & it makes the auditors

>& sysadmin feel better.
>
>
I don't argue the point of using root. I agree with you there.
Just the point that if it is owned by root it executes as root.

Sincerely,

Joshua D. Drake



>
>Dick Goulet
>Senior Oracle DBA
>Oracle Certified 8i DBA
>-----Original Message-----
>From: Stephan Szabo [mailto:sszabo@megazone.bigpanda.com]
>Sent: Wednesday, January 12, 2005 11:14 PM
>To: Goulet, Dick
>Cc: Peter Eisentraut; Tomeh, Husam; PgSQL ADMIN
>Subject: Re: [ADMIN] Installing PostgreSQL as "postgress" versus "root"
>Debate!
>
>On Wed, 12 Jan 2005, Goulet, Dick wrote:
>
>
>
>>    You may well be on the development team, but you are wrong for
one
>>very important reason.  If the Postgresql executables are owned by
>>root they execute with the priviledges of root.   Thereby any local
>>
>>
>
>Not on any reasonable system unless installed setuid at which point I
>don't think they'd run since I think the don't run as root code would
>prevent it.
>
>---------------------------(end of
>broadcast)---------------------------
>TIP 3: if posting/reading through Usenet, please send an appropriate
>      subscribe-nomail command to majordomo@postgresql.org so that your
>      message can get through to the mailing list cleanly
>
>


--
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd@commandprompt.com - http://www.commandprompt.com
PostgreSQL Replicator -- production quality replication for PostgreSQL

**********************************************************************
This message contains confidential information intended only for the
use of the addressee(s) named above and may contain information that
is legally privileged.  If you are not the addressee, or the person
responsible for delivering it to the addressee, you are hereby
notified that reading, disseminating, distributing or copying this
message is strictly prohibited.  If you have received this message by
mistake, please immediately notify us by replying to the message and
delete the original message immediately thereafter.

Thank you.                                       FADLD Tag
**********************************************************************

On Thu, Jan 13, 2005 at 08:06:05 -0800,
  "Tomeh, Husam" <htomeh@firstam.com> wrote:
> So does that mean there's no security issue using the root account to
> install postrgeSQL as the first book indicated? Thanks.

This depends on who you trust. The install scripts could potentially do
bad things. Generally you will need to do at least some part of the
install process as root. It is also a good idea to install the binaries
using a different user (and root is fine if there aren't any setuid/setgid
binaries) than the database will run under so that database users can't
corrupt the binaries via untrusted languages or bugs.