Re: [INTERFACES] pg_pwd

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>
Cc: "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar>, "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org>
Subject: Re: [INTERFACES] pg_pwd
Date: 1999-11-21 02:25:00
Message-ID: 23778.943151100@sss.pgh.pa.us
Lists: pgsql-interfaces
Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
>> Maybe it would be worthwhile to try to force pg_pwd in particular
>> to be written with just mode 600.  In the standard configuration that
>> shouldn't make any difference ... 

> Hmmm... Can a parameter be passed to COPY giving the file create mode?

Yes, that was what I was thinking of.  I need to look at the code and
see how direct the connection is between the code that knows it's
writing pg_pwd and the COPY code --- there might be a lot of layers
between :-(

> Just 'initdb --pglib=/usr/lib/pgsql --pgdata=/var/lib/pgsql'
> /var/lib/pgsql is created during the rpm installation of the server
> rpm -- and I can force that to create mode 0700.  HOWEVER, that just
> fixes the symptom -- not the problem.

It looks like if you allow initdb to create the PGDATA directory, it
is correctly created with mode 700.  But if the directory already
exists, initdb just uses it with whatever permissions it was made with.
Should initdb complain, or perhaps try to do a chmod() to make things
more secure?  Mode 755 is bad enough, but suppose a sloppy admin had
made the directory group- or world-writable... or not even owned by
postgres...

			regards, tom lane
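
Added example, not part of the original message and not initdb's own code: one way to vet a data directory that already exists, covering the cases raised above (mode 755, group- or world-writable, wrong owner). The function name `check_datadir`, the status names and the `fix` flag are assumptions made for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_DIRECTORY, O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes; the names are made up for this example. */
enum datadir_status {
    DATADIR_OK,           /* ours, no group/other access */
    DATADIR_LOOSE,        /* ours, but group/other bits set (fix == 0) */
    DATADIR_TIGHTENED,    /* ours, group/other bits were removed */
    DATADIR_WRONG_OWNER,  /* owned by another uid: never chmod, refuse */
    DATADIR_NOT_DIR,      /* not a directory, or a symlink */
    DATADIR_ERROR         /* open/fstat/fchmod failed */
};

/* Vet an already-existing data directory; fix != 0 means chmod to 0700. */
enum datadir_status check_datadir(const char *path, int fix)
{
    struct stat st;
    enum datadir_status rc = DATADIR_ERROR;
    /* Hold one descriptor so the check and the chmod hit the same inode. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return (errno == ENOTDIR || errno == ELOOP) ? DATADIR_NOT_DIR : DATADIR_ERROR;
    if (fstat(fd, &st) == 0) {
        if (st.st_uid != geteuid())
            rc = DATADIR_WRONG_OWNER;
        else if ((st.st_mode & (S_IRWXG | S_IRWXO)) == 0)
            rc = DATADIR_OK;
        else if (!fix)
            rc = DATADIR_LOOSE;
        else if (fchmod(fd, S_IRWXU) == 0)
            rc = DATADIR_TIGHTENED;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    enum datadir_status rc = check_datadir(argc > 1 ? argv[1] : ".", 0); /* report only */
    printf("status %d\n", (int) rc);
    return rc == DATADIR_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```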
