Обсуждение: filesystem permissions and security
Hi,
According to the manual from 7.3 onwards, PostgreSQL should be installed thusly:
$ ./configure
$ gmake
$ su
# gmake install
# adduser postgres
# mkdir /usr/local/pgsql/data
# chown postgres /usr/local/pgsql/data
# su - postgres
$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
<etc.>
I found a number of web pages which suggest the following:
# chown -R postgres /usr/local/pgsql
Which is obviously less secure. Dunno how those people got the idea; perhaps from older versions' documentation?
Anyways, I'm trying to find out when the "new thinking" re filesystem permissions came in being, and mailing list discussions on same, if any.
At my day job, I just came across Oracle installations which are "chown -R oracle /usr/local/oracle". I'm told the vendor says to do it this way. Veni, vidi, I couldn't believe my eyes and all that. :-)
In essence, I'm looking for "ammunition" to support my case to bring Oracle's filesystem permissions to the higher standard set by modern PostreSQL's.
TIA. Cheers.
According to the manual from 7.3 onwards, PostgreSQL should be installed thusly:
$ ./configure
$ gmake
$ su
# gmake install
# adduser postgres
# mkdir /usr/local/pgsql/data
# chown postgres /usr/local/pgsql/data
# su - postgres
$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
<etc.>
I found a number of web pages which suggest the following:
# chown -R postgres /usr/local/pgsql
Which is obviously less secure. Dunno how those people got the idea; perhaps from older versions' documentation?
Anyways, I'm trying to find out when the "new thinking" re filesystem permissions came in being, and mailing list discussions on same, if any.
At my day job, I just came across Oracle installations which are "chown -R oracle /usr/local/oracle". I'm told the vendor says to do it this way. Veni, vidi, I couldn't believe my eyes and all that. :-)
In essence, I'm looking for "ammunition" to support my case to bring Oracle's filesystem permissions to the higher standard set by modern PostreSQL's.
TIA. Cheers.