
17.1. The PostgreSQL User Account

As with any other server daemon that is accessible to the outside world, it is advisable to run PostgreSQL under a separate user account. This user account should only own the data that is managed by the server, and should not be shared with other daemons. (For example, using the user nobody is a bad idea.) It is not advisable to install executables owned by this user because compromised systems could then modify their own binaries.

To add a Unix user account to your system, look for a command useradd or adduser. The user name postgres is often used, and is assumed throughout this book, but you can use another name if you like.
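One way to check an existing installation against the advice above, as an added example that is not part of the PostgreSQL manual. The function name, the return-code bits and the directories passed as arguments are assumptions of the example.

```shell
#!/bin/sh
# audit_pg_account USER BINDIR DATADIR   (hypothetical helper for this example)
#   USER    service account, by name or numeric uid (e.g. postgres)
#   BINDIR  directory holding the server executables
#   DATADIR database cluster directory (e.g. /usr/local/pgsql/data)
# Return code is a bit mask chosen for this example:
#   1  something under BINDIR is owned by USER
#   2  something under DATADIR is not owned by USER
#   4  something under DATADIR is writable by "other"
#   8  BINDIR or DATADIR is missing (nothing was audited)
audit_pg_account() {
    pg_user=$1 pg_bin=$2 pg_data=$3 pg_rc=0

    if [ ! -d "$pg_bin" ] || [ ! -d "$pg_data" ]; then
        echo "ERROR: $pg_bin or $pg_data is not a directory" >&2
        return 8
    fi

    # The daemon must not be able to rewrite what it executes, so nothing in
    # the executable tree may belong to the service account.
    pg_hits=$(find "$pg_bin" -user "$pg_user" -print)
    if [ -n "$pg_hits" ]; then
        printf 'FAIL: owned by %s, so the server can modify it:\n%s\n' \
            "$pg_user" "$pg_hits"
        pg_rc=$((pg_rc + 1))
    fi

    # The data the server manages should belong to the service account only.
    pg_hits=$(find "$pg_data" ! -user "$pg_user" -print)
    if [ -n "$pg_hits" ]; then
        printf 'FAIL: in the cluster but not owned by %s:\n%s\n' \
            "$pg_user" "$pg_hits"
        pg_rc=$((pg_rc + 2))
    fi

    # Ownership means little if other accounts can write to the files.
    # Symlinks are skipped because their own mode bits are not enforced.
    pg_hits=$(find "$pg_data" ! -type l -perm -002 -print)
    if [ -n "$pg_hits" ]; then
        printf 'FAIL: writable by other accounts:\n%s\n' "$pg_hits"
        pg_rc=$((pg_rc + 4))
    fi

    [ "$pg_rc" -eq 0 ] && echo "OK: $pg_user owns the data and no executables"
    return "$pg_rc"
}
```

Run it as root so that `find` can read the whole cluster directory, for example `audit_pg_account postgres /usr/local/pgsql/bin /usr/local/pgsql/data`, where the `bin` path is an assumed install location.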


User Comments


23 Feb 2008 23:10:57

[This comment is a rewrite of my comment for PostgreSQL 8.1. The latest version of Mac OS X, Leopard, saw the removal of the NetInfo subsystem, and all the following instructions have been changed accordingly.]

Mac OS X 10.5 does not have the useradd or adduser commands, since user management is handled by Directory Services. You can instead create a user account with the dscl command from the Terminal application. You will need sudo or root access to create the user account.

Although the manual does not mention groups, it is a good idea to give the user account its own group as well. This prevents any files in the database cluster with group write-access from being modified by other users.

To create the user account and group from the Terminal application, first find an unused group ID and an unused user ID. To see the IDs that are currently in use, type

$ sudo dscl . -list /Groups PrimaryGroupID
$ sudo dscl . -list /Users UniqueID

or if it helps you to see just a sorted list of IDs, type

$ sudo dscl . -list /Groups PrimaryGroupID | cut -c 32-34 | sort
$ sudo dscl . -list /Users UniqueID | cut -c 20-22 | sort

Assume that group ID 50 and user ID 100 are not in use. First create the group _postgres by typing

$ sudo dscl . -create /Groups/_postgres
$ sudo dscl . -create /Groups/_postgres PrimaryGroupID 50
$ sudo dscl . -append /Groups/_postgres RecordName postgres

(Leopard precedes daemon names with an underscore. The last command created an alias without the underscore, though, so that you can forget the underscore exists.)

Then create the user account _postgres by typing

$ sudo dscl . -create /Users/_postgres
$ sudo dscl . -create /Users/_postgres UniqueID 100
$ sudo dscl . -create /Users/_postgres PrimaryGroupID 50
$ sudo dscl . -create /Users/_postgres UserShell /bin/bash
$ sudo dscl . -create /Users/_postgres RealName "PostgreSQL Server"
$ sudo dscl . -create /Users/_postgres NFSHomeDirectory /usr/local/pgsql
$ sudo dscl . -append /Users/_postgres RecordName postgres

The user account is now created. It is not given a password intentionally. This prevents anyone but root from logging in as postgres. To use the postgres user account, type

$ sudo su - postgres

When the database cluster is initialised, you want the cluster to not only be owned by the postgres user, but also by the postgres group. Replace the chown line in Section 17.2 with

root# chown postgres.postgres /usr/local/pgsql/data

25 Apr 2008 13:27:05

You can check the user variables with this command:
$ sudo dscl . -read /Users/_postgres

Jerome
28 May 2008 14:21:09

Using MacPorts, do a

$ sudo dscl . -create /Users/_postgres NFSHomeDirectory /opt/local/var/db/postgresql83/

Chris Dixon
08 Oct 2008 20:02:27

Installing 8.3.1 on OS10.5.5 from the binary .dmg distribution created a 'postgres' account with the user variable UserShell set to "/usr/bin/false", which seems to prevent su'ing to that account.

Updated the property using:
$ sudo dscl . -change /Users/postgres UserShell /usr/bin/false /bin/bash

This now allows su access.

Copyright © 1996 – 2008 PostgreSQL Global Development Group