On Mon, 05 Jun 2006 13:21:48 -0500
Tony Caduto <tony_caduto@amsoftwaredesign.com> wrote:
> Just wondering if anyone has done this:
> Change the user the DB runs under from postgres to apache on a
> established server?
> I would think I would just change ownership on all the data dir files
> and modify the startup script in /etc/init.d/postgresql.
>
> Reason is I need a plperlu procedure to generate a dir listing for a
> Kylix CGI web app and the directories in question are limited to the
> user and group apache,
> hence my plperlu proc can't list the contents. I also can't set the
> other permissions because I don't want any other users peaking around.
Sounds dangerous. If someone breaks your web server, they have their run
of the database server as well.
You might want to change group ownership of the cluster directory to apache,
then set the permissions on all those files to be rw by postgres user, and
ro by apache group.
> Or is there a way to have the plperlu procs to run as a different user?
> I have been looking though the plperl docs but have not seen anything
> like that.
Search for setuidperl or suidperl ... not sure which. That will let you
change users after the script starts.
--
Bill Moran
Collaborative Fusion Inc.