> I've browsed my history of the list, and the Internet for
> information
> regarding giving the unix 'postgres' user a shell of /bin/false, so
> that it cannot be logged into directly. It seems from my research
> that
> if I set the user's shell to /bin/false it will not prevent the
> running of postgres itself.
In at least FreeBSD, the standard ports way of setting PGSQL user to
use /usr/bin/nologin as shell works well enough. You get the regular
shell interface from SU'ing or sudoing into account, but you cannot
login into box directly.
Is the nologin "shell" BSD only feature though?
-Reko