Re: required rights for PGDATA

Holger Klawitter <lists@klawitter.de> writes:
> As postgres (the user under with the process is actually running) cannot
> obtain a shell, I need group access to the data directory in order to
> configure postgres.

> [ so relax permissions on $PGDATA ]

Why is it more secure to relax permissions on $PGDATA than to undo your
choice not to have a login shell for postgres?

In very many environments, 0770 protection would be a disaster.  I do
not think it is a good idea to allow that permission to be set, not
even configurably.

            regards, tom lane