| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Sergio A(dot) Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> |
| Cc: | "pgsql-interfaces(at)postgreSQL(dot)org" <pgsql-interfaces(at)postgreSQL(dot)org> |
| Subject: | Re: [INTERFACES] pg_pwd |
| Date: | 1999-11-19 00:05:06 |
| Message-ID: | 300.942969906@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
"Sergio A. Kessler" <ser(at)perio(dot)unlp(dot)edu(dot)ar> writes:
> what is the funcionality of the file pg_pwd in $PG_DATA ?
> (no, there is _nothing_ in the docs)
That's cause you don't need to know ;-)
Seriously, it's a flat-file copy of pg_shadow, used by the postmaster
to do password verification. (The postmaster can't look directly at
pg_shadow because it cannot participate in database operations.)
See doc/TODO.detail/pg_shadow.
> and why is world =writable & readable= ?
> (hey, everybody, wanna know my passwd ?)
It's not really a security hole because it lives inside a directory
that's mode 700 (unless you tampered with the default permissions
setup). However, I agree it oughta be changed anyway.
The real issue here is that backend-side COPY writes files with mode
666, which seems a strange and dangerous choice to me. But someone once
thought it was a good idea, because COPY goes out of its way to make
that happen. Does anyone have a clue why?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Victoria W. | 1999-11-19 05:53:58 | unsubscribe |
| Previous Message | John Henderson | 1999-11-18 23:25:20 |