|PostgreSQL 8.4.20 Documentation|
|Prev||Fast Backward||Chapter 17. Server Setup and Operation||Fast Forward||Next|
As with any other server daemon that is accessible to the outside world, it is advisable to run PostgreSQL under a separate user account. This user account should only own the data that is managed by the server, and should not be shared with other daemons. (For example, using the user nobody is a bad idea.) It is not advisable to install executables owned by this user because compromised systems could then modify their own binaries.
To add a Unix user account to your system, look for a command useradd or adduser. The user name postgres is often used, and is assumed throughout this book, but you can use another name if you like.
Mac OS X users:
Because OS X uses Open Directory to manage user accounts, there is no useradd/adduser command to speak of.
Instead, one may use a directory services utility to add a new user. This utility varies depending on your OS X version.
OS X 10.0–10.4:
Use the NetInfo Manager.app in /Applications/Utilities
OS X 10.5–10.6:
Use the dscl command-line utility.
You will need to create a new postgres user, and corresponding group for that user.
If using dscl, at least on my 10.6 install, there is conveniently a _mysql user and group already created for you (as mysql is included in Server editions of OS X), whose attributes you can use as a template. If doing this, you may want to change the shell to be something not false so that you can use '$ su postgres', otherwise you will have to use '$ sudo -u postgres <command>' for all commands that are to be performed by the postgres user.